junos® os broadband subscriber management … configuringdhcpv4layer3wholesalenetworks ... solution...
TRANSCRIPT
Junos®OS
Broadband Subscriber Management WholesaleFeature Guide
Modified: 2018-03-08
Copyright © 2018, Juniper Networks, Inc.
Juniper Networks, Inc.1133 InnovationWaySunnyvale, California 94089USA408-745-2000www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates inthe United States and other countries. All other trademarks may be property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.
Junos®OS Broadband Subscriber ManagementWholesale Feature Guide
Copyright © 2018 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through theyear 2038. However, the NTP application is known to have some difficulty in the year 2036.
ENDUSER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networkssoftware. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted athttps://www.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of thatEULA.
Copyright © 2018, Juniper Networks, Inc.ii
Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Supported Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Using the Examples in This Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Merging a Full Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Merging a Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxii
Part 1 Configuring DHCP Layer 3Wholesale Networks
Chapter 1 Subscriber Management DHCP Layer 3 Wholesale Overview . . . . . . . . . . . . 3
Layer 2 and Layer 3 Wholesale Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Wholesale Network Configuration Options and Considerations . . . . . . . . . . . . . . . 4
DHCP Layer 3 Wholesale Configuration Interface Support . . . . . . . . . . . . . . . . . . . 5
Layer 3 Wholesale Configuration DHCP Support . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Subscriber to Logical System and Routing Instance Relationship . . . . . . . . . . . . . . 6
RADIUSVSAsandBroadbandSubscriberManagementWholesaleConfiguration
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Chapter 2 Configuring DHCPv4 Layer 3Wholesale Networks . . . . . . . . . . . . . . . . . . . . . . 9
Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
DHCPv4 Layer 3 Wholesale Network Topology Overview . . . . . . . . . . . . . . . . . . . 10
Configuring Loopback Interfaces for the DHCPv4 Layer 3 Wholesale Solution . . . 11
Configuring VLANs for the DHCPv4 Layer 3Wholesale Network Solution . . . . . . . 13
Configuring Static Customer VLANs for the DHCPv4 Layer 3Wholesale
Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Configuring Dynamic VLANs for the DHCPv4 Layer 3Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Configuring Access Components for the DHCP Layer 3Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Configuring RADIUS Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Configuring a DHCP Wholesaler Access Profile . . . . . . . . . . . . . . . . . . . . . . . . 16
Configuring DHCP Retailer Access Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
iiiCopyright © 2018, Juniper Networks, Inc.
Configuring Dynamic Profiles for the DHCPv4 Layer 3Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Configuring aWholesale Dynamic Profile for use in the DHCPv4
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Configuring a Dynamic Profile for use by a Retailer in the DHCPv4
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Configuring Separate Routing Instances for DHCPv4 Service Retailers . . . . . . . . . 21
Configure Default Forwarding Options for the DHCPv4Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Example: Wholesaler Dynamic Profile for a DHCPv4 Wholesale Network . . . . . . 26
Example: Retailer Dynamic Profile for a DHCPv4 Wholesale Network . . . . . . . . . 26
Example: Default Forwarding Options Configuration for the DHCPv4Wholesale
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Example: Retailer Routing Instances for a DHCPv4 Wholesale Network . . . . . . . 28
Chapter 3 Configuring DHCPv6 Layer 3 Wholesale Networks . . . . . . . . . . . . . . . . . . . . . 31
Broadband Subscriber Management DHCPv6 Layer 3Wholesale Topology and
Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
DHCPv6 Layer 3 Wholesale Network Topology Overview . . . . . . . . . . . . . . . . . . . 33
Configuring Loopback Interfaces for the DHCPv6 Layer 3 Wholesale Solution . . 34
Configuring VLANs for the DHCPv6 Layer 3 Wholesale Network Solution . . . . . . 34
Configuring Static Customer VLANs for the DHCPv6 Layer 3Wholesale
Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Configuring Dynamic Customer VLANs for the DHCPv6 Layer 3Wholesale
Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Configuring Access Components for the DHCP Layer 3Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Configuring RADIUS Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Configuring a DHCPWholesaler Access Profile . . . . . . . . . . . . . . . . . . . . . . . . 38
Configuring DHCP Retailer Access Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuring Dynamic Profiles for the DHCPv6 Layer 3Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring aWholesale Dynamic Profile for use in the DHCPv6
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring a Dynamic Profile for use by Each Retailer in the DHCPv6
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring Separate Routing Instances for DHCPv6 Service Retailers . . . . . . . . 43
Configuring Address Server Elements for the DHCPv6 Layer 3Wholesale
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Configuring a DHCPv6 Address Assignment Pool . . . . . . . . . . . . . . . . . . . . . . 44
Configuring Extended DHCPv6 Local Server . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Example: Retailer Dynamic Profile for a DHCPv6 Wholesale Network . . . . . . . . . 47
Example: Retailer Routing Instances for a DHCPv6 Wholesale Network . . . . . . . 47
Example: DHCPv6 Address Assignment Pool That Provides Full 128-bit IPV6
Addresses for a DHCPv6Wholesale Network . . . . . . . . . . . . . . . . . . . . . . . . . 48
Example: DHCPv6Address Assignment Pool That Provides 74-bit IPV6Prefixes
for a DHCPv6Wholesale Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Example: Extended DHCPv6 Local Server for a DHCPv6Wholesale Network . . . 48
Copyright © 2018, Juniper Networks, Inc.iv
Broadband Subscriber ManagementWholesale Feature Guide
Part 2 Configuring PPPoE Layer 3Wholesale Networks
Chapter 4 Subscriber Management PPPoE Wholesale Overview . . . . . . . . . . . . . . . . . 53
Layer 2 and Layer 3 Wholesale Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
PPPoE Layer 3Wholesale Configuration Interface Support . . . . . . . . . . . . . . . . . . 54
Subscriber to Logical System and Routing Instance Relationship . . . . . . . . . . . . . 54
RADIUSVSAsandBroadbandSubscriberManagementWholesaleConfiguration
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Chapter 5 Configuring PPPoE Layer 3 Wholesale Networks . . . . . . . . . . . . . . . . . . . . . . 57
Broadband Subscriber Management PPPoE Layer 3Wholesale Topology and
Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
PPPoE Layer 3 Wholesale Network Topology Overview . . . . . . . . . . . . . . . . . . . . 59
Configuring Loopback Interfaces for the PPPoE Layer 3 Wholesale Solution . . . . 59
Configuring Static Customer VLANs for the PPPoE Layer 3Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Configuring Access Components for the PPPoEWholesale Network Solution . . . 61
Configuring RADIUS Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring a PPPoE Wholesaler Access Profile . . . . . . . . . . . . . . . . . . . . . . . 62
Configuring PPPoE Retailer Access Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring Dynamic Profiles for the PPPoE Layer 3Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Configuring a Wholesale Dynamic Profile for use in the PPPoE Solution . . . 64
Configuring Separate Routing Instances for PPPoE Service Retailers . . . . . . . . . . 66
Example: Wholesaler Dynamic Profile for a PPPoEWholesale Network . . . . . . . . 67
Example: Retailer Routing Instances for a PPPoEWholesale Network . . . . . . . . . 68
Part 3 Configuring Layer 2Wholesale Networks
Chapter 6 Subscriber Management Layer 2 Wholesale Overview . . . . . . . . . . . . . . . . . . 71
Layer 2 and Layer 3 Wholesale Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Wholesale Network Configuration Options and Considerations . . . . . . . . . . . . . . 72
RADIUSVSAsandBroadbandSubscriberManagementWholesaleConfiguration
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Chapter 7 Configuring Layer 2 Wholesale Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Broadband Subscriber Management Layer 2Wholesale Topology and
Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Layer 2 Wholesale Network Topology Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Configuring a Retail Dynamic Profile for Use in the Layer 2Wholesale
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Stacking and Rewriting VLAN Tags for the Layer 2 Wholesale Solution . . . . . . . . 80
Configuring VLAN Interfaces for the Layer 2 Wholesale Solution . . . . . . . . . . . . . 82
Configuring Encapsulation for Layer 2Wholesale VLAN Interfaces . . . . . . . . . . . . 83
Configuring NNI ISP-Facing Interfaces for the Layer 2 Wholesale Solution . . . . . 84
Configuring Direct ISP-Facing Interfaces for the Layer 2 Wholesale Solution . . . . 85
Configuring Separate Access Routing Instances for Layer 2Wholesale Service
Retailers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
vCopyright © 2018, Juniper Networks, Inc.
Table of Contents
Configuring Separate NNI Routing Instances for Layer 2Wholesale Service
Retailers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Configuring Access Components for the Layer 2Wholesale Network
Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Configuring RADIUS Server Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Configuring a Layer 2 Wholesaler Access Profile . . . . . . . . . . . . . . . . . . . . . . . 91
Example: Retailer Dynamic Profile for a Layer 2 Wholesale Network . . . . . . . . . . 92
Example: Access Interface for a Layer 2Wholesale Network . . . . . . . . . . . . . . . . . 93
Example: Retailer Access Routing Instances for a Layer 2Wholesale
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Example: Retailer NNI ISP-Facing Interfaces for a Layer 2Wholesale
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Example: Retailer Direct ISP-Facing Interface for a Layer 2Wholesale
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Part 4 Configuring ANCP-Triggered Layer 2Wholesale Services
Chapter 8 ANCP-Triggered Layer 2 Wholesale Service Overview . . . . . . . . . . . . . . . . . 99
Layer 2 Wholesale with ANCP-Triggered VLANs Overview . . . . . . . . . . . . . . . . . . 99
RADIUS Authorization for ANCP-Triggered VLANs . . . . . . . . . . . . . . . . . . . . 102
Instantiation of an ANCP-Triggered, Autosensed, Dynamic VLAN . . . . . . . . 103
Weighted LoadBalancing for Subscriber Sessions over Eligible Core-Facing
Physical Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
RADIUS Interim Accounting Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Removal of the Layer 2 Wholesale Service . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Interactions Between In-Band and Out-of-Band VLAN Autosensing . . . . . . 107
Migration of Subscriber Ownership from Wholesaler to Retailer . . . . . . . . . 109
Migration of Subscriber Ownership from Retailer to Wholesaler . . . . . . . . . 109
Migration of Subscriber Ownership Between Retailers . . . . . . . . . . . . . . . . . 110
Modification of the Access Line Identifier or Port VLAN Identifier . . . . . . . . . . 111
DisconnectingPPPoESessionsandAutomaticallyAttemptingReconnection
as Layer 2 Wholesale Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Consequences of a State Transition in the Access-Facing Physical
Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Consequences of a State Transition from Up to Down in the Core-Facing
Physical Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Consequences of a State Transition from Down to Up in the Core-Facing
Physical Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Loss of ANCP TCP Adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Junos OS Predefined Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Juniper Networks VSAs Supported by the AAA Service Framework . . . . . . . . . . . 143
AAAAccessMessages and Supported RADIUSAttributes and Juniper Networks
VSAs for Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
AAA Accounting Messages and Supported RADIUS Attributes and Juniper
Networks VSAs for Junos OS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Chapter 9 Configuring ANCP-Triggered Layer 2Wholesale Services . . . . . . . . . . . . . . 169
Configuring ANCP Neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Configuring the ANCP Agent for ANCP-Triggered, Autosensed Dynamic
VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Copyright © 2018, Juniper Networks, Inc.vi
Broadband Subscriber ManagementWholesale Feature Guide
Configuring a Username for Authentication of Out-of-Band Triggered Dynamic
VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Configuring Out-of-Band ANCPMessages to Trigger Dynamic VLAN
Instantiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Triggering ANCP OAM to Simulate ANCP Port Down and Port Up Messages . . . 174
Configuring the ANCP Agent to Dampen the Effects of Short-Term Adjacency
Losses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Reestablishing Pending Access Line Sessions for Layer 2 Wholesale . . . . . . . . . . 177
Configuring Multiple Non-Overlapping VLAN Ranges for Core-Facing Physical
Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Clearing ANCP Access Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Chapter 10 Configuring Flat-File Accounting for Layer 2Wholesale Services . . . . . . . . 181
Flat-File Accounting Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Configuring Flat-File Accounting for Layer 2 Wholesale . . . . . . . . . . . . . . . . . . . . 185
Configuring Flat-File Accounting for Extensible Subscriber Services
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Configuring Service Accounting in Local Flat Files . . . . . . . . . . . . . . . . . . . . . . . . 193
Part 5 Configuration Statements and Operational Commands
Chapter 11 Configuration Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
accept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
accept-out-of-band . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
access-profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
access-profile (Dynamic VLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
access-profile (Dynamic Stacked VLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
accounting-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
active-server-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
address-assignment (Address-Assignment Pools) . . . . . . . . . . . . . . . . . . . . . . . 213
adjacency-loss-hold-time (ANCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
ancp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
authentication (DHCP Local Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
authentication (DHCP Relay Agent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
authentication-order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220
authentication-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
auto-configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
auto-configure-trigger interface (ANCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
backup-on-failure (Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
circuit-id (VLAN Authentication Username) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
cleanup-interval (Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
compress (Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
connectivity-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
core-facing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
demux0 (Dynamic Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
demux-options (Dynamic Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
demux-source (Dynamic IP Demux Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
demux-source (Dynamic Underlying Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . 233
viiCopyright © 2018, Juniper Networks, Inc.
Table of Contents
demux-source (Underlying Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
dhcp-attributes (Address-Assignment Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
dhcp-local-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
dhcp-relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
dhcpv6 (DHCP Local Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
domain-name (Address-Assignment Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
dynamic-profile (DHCP Local Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
dynamic-profile (DHCP Relay Agent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
dynamic-profile (Dynamic PPPoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
dynamic-profile (Stacked VLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
dynamic-profile (VLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
dynamic-profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
egress-stats (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
encapsulation (Dynamic Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
encapsulation (Logical Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
encapsulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
exclude (RADIUS Attributes) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
family (Address-Assignment Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
family (Dynamic Demux Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
family (Dynamic PPPoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
family (Dynamic Standard Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
fields (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
file (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
flat-file-profile (Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
flat-file-profile (Extensible Subscriber Services) . . . . . . . . . . . . . . . . . . . . . . . . . 313
flexible-vlan-tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
format (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
forwarding-options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
general-param (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
grace-period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
group (DHCP Local Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
group (DHCP Relay Agent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
ingress-stats (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
inner-vlan-id (Dynamic VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
inner-vlan-id-swap-ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
input-vlan-map (Dynamic Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
interface (DHCP Local Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
interface (DHCP Relay Agent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
interface (Dynamic Routing Instances) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
interface (Routing Instances) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
interface-mac-limit (VPLS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
interfaces (Static and Dynamic Subscribers) . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
interval (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
instance-role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
instance-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
ip-address-first . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
keepalives (Dynamic Profiles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
l2-stats (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Copyright © 2018, Juniper Networks, Inc.viii
Broadband Subscriber ManagementWholesale Feature Guide
mac-validate (Dynamic IP Demux Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
multicast-replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
neighbor (Define ANCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
no-local-switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
no-tunnel-services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
maximum-lease-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
overall-packet (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
output-vlan-map (Dynamic Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
pap (Dynamic PPP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
pool (Address-Assignment Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
pool-match-order . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
pop (Dynamic VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
pppoe-options (Dynamic PPPoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
pppoe-underlying-options (Static and Dynamic Subscribers) . . . . . . . . . . . . . . 364
ppp-options (Dynamic PPP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
prefix (Address-Assignment Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
profile (Access) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
proxy-arp (Dynamic Profiles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
push (Dynamic VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
push-backup-to-master (Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . . 377
radius (Access Profile) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
range (Address-Assignment Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
ranges (Dynamic VLAN) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
remote-id (VLAN Authentication Username) . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
route-distinguisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
routing-instances (Dynamic Profiles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
routing-instances (Multiple Routing Entities) . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
schema-version (Flat-File Accounting Options) . . . . . . . . . . . . . . . . . . . . . . . . . 390
secret . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
server (Dynamic PPPoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
server-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
site (VPLS Multihoming for FEC 128) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
site-identifier (VPLS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
site-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
stacked-vlan-ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
stacked-vlan-tagging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
traceoptions (DHCP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
underlying-interface (demux0) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
underlying-interface (Dynamic PPPoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
unit (Dynamic Demux Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
unit (Dynamic Profiles Standard Interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
unnumbered-address (Dynamic PPPoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415
unnumbered-address (Dynamic Profiles) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
unnumbered-address (Ethernet) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
ixCopyright © 2018, Juniper Networks, Inc.
Table of Contents
username-include . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
user-prefix (DHCP Local Server) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
vlan-id (Dynamic VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
vlan-id (VLAN ID to Be Bound to a Logical Interface) . . . . . . . . . . . . . . . . . . . . . 422
vlan-model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
vlan-ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
vlan-tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
vlan-tags (Stacked VLAN Tags) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
vpls (Routing Instance) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
vrf-export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
vrf-import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
vrf-target . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Chapter 12 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
clear ancp access-loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
clear ancp neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
clear dhcp relay binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
clear dhcp relay statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
clear dhcp server binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
clear dhcp server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
clear dhcpv6 server binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
clear dhcpv6 server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
clear network-access aaa subscriber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
request ancp oam port-down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
request ancp oam port-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
request auto-configuration reconnect-pending . . . . . . . . . . . . . . . . . . . . . . . . . . 462
show ancp neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
show auto-configuration out-of-band pending . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
show dhcp relay binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
show dhcp relay statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
show dhcp server binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
show dhcp server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
show dhcpv6 server binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
show dhcpv6 server statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
show interfaces (Aggregated Ethernet) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
show interfaces (Fast Ethernet) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
show interfaces (Loopback) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
show interfaces (PPPoE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
show interfaces demux0 (Demux Interfaces) . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
show interfaces filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 635
show interfaces l2-routing-instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637
show interfaces routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639
show interfaces routing-instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
show network-access aaa statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
show network-access aaa statistics authentication . . . . . . . . . . . . . . . . . . . . . . 656
show network-access aaa subscribers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
show network-access address-assignment pool . . . . . . . . . . . . . . . . . . . . . . . . 664
show ppp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
Copyright © 2018, Juniper Networks, Inc.x
Broadband Subscriber ManagementWholesale Feature Guide
show subscribers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
show subscribers summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
show vpls connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
show vpls flood event-queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722
show vpls flood instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
show vpls flood route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 726
show vpls mac-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728
show vpls statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
xiCopyright © 2018, Juniper Networks, Inc.
Table of Contents
Copyright © 2018, Juniper Networks, Inc.xii
Broadband Subscriber ManagementWholesale Feature Guide
List of Figures
Part 1 Configuring DHCP Layer 3Wholesale Networks
Chapter 2 Configuring DHCPv4 Layer 3Wholesale Networks . . . . . . . . . . . . . . . . . . . . . . 9
Figure 1: Basic Subscriber Management Layer 3Wholesale Solution
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Figure 2: DHCPv4 Layer 3 Wholesale Network Reference Topology . . . . . . . . . . . . 11
Chapter 3 Configuring DHCPv6 Layer 3 Wholesale Networks . . . . . . . . . . . . . . . . . . . . . 31
Figure 3: Basic Subscriber Management DHCPv6 Layer 3Wholesale Solution
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Figure 4: DHCPv6 Layer 3 Wholesale Network Reference Topology . . . . . . . . . . . 33
Part 2 Configuring PPPoE Layer 3Wholesale Networks
Chapter 5 Configuring PPPoE Layer 3 Wholesale Networks . . . . . . . . . . . . . . . . . . . . . . 57
Figure 5: Basic Subscriber Management PPPoE Layer 3Wholesale Solution
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Figure 6: PPPoE Layer 3 Wholesale Network Reference Topology . . . . . . . . . . . . 59
Part 3 Configuring Layer 2Wholesale Networks
Chapter 7 Configuring Layer 2 Wholesale Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Figure 7: Basic Subscriber Management Layer 2Wholesale Solution
Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Figure 8: Layer 2 Wholesale Network Reference Topology . . . . . . . . . . . . . . . . . . . 78
Part 4 Configuring ANCP-Triggered Layer 2Wholesale Services
Chapter 8 ANCP-Triggered Layer 2 Wholesale Service Overview . . . . . . . . . . . . . . . . . 99
Figure 9: Sample Layer 2 Wholesale Access Topology . . . . . . . . . . . . . . . . . . . . . 100
xiiiCopyright © 2018, Juniper Networks, Inc.
Copyright © 2018, Juniper Networks, Inc.xiv
Broadband Subscriber ManagementWholesale Feature Guide
List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Part 1 Configuring DHCP Layer 3Wholesale Networks
Chapter 1 Subscriber Management DHCP Layer 3 Wholesale Overview . . . . . . . . . . . . 3
Table 3: Required Juniper Networks VSAs for the Broadband Subscriber
Management Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Part 2 Configuring PPPoE Layer 3Wholesale Networks
Chapter 4 Subscriber Management PPPoE Wholesale Overview . . . . . . . . . . . . . . . . . 53
Table 4: Required Juniper Networks VSAs for the Broadband Subscriber
Management Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Part 3 Configuring Layer 2Wholesale Networks
Chapter 6 Subscriber Management Layer 2 Wholesale Overview . . . . . . . . . . . . . . . . . . 71
Table 5: Required Juniper Networks VSAs for the Broadband Subscriber
Management Wholesale Network Solution . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Chapter 7 Configuring Layer 2 Wholesale Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Table 6: Rewrite Operations on Single-Tagged and Dual-Tagged Frames . . . . . . 80
Table 7: Applying Rewrite Operations to VLAN Maps . . . . . . . . . . . . . . . . . . . . . . . 81
Table 8: Encapsulation Combinations for Layer 2Wholesale Interfaces . . . . . . . . 84
Part 4 Configuring ANCP-Triggered Layer 2Wholesale Services
Chapter 8 ANCP-Triggered Layer 2 Wholesale Service Overview . . . . . . . . . . . . . . . . . 99
Table 9: Junos OS Predefined Variables and Definitions . . . . . . . . . . . . . . . . . . . . 118
Table 10: Supported Juniper Networks VSAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Table 11: AAA Access Messages: Supported RADIUS Attributes and Juniper
Networks VSAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Table 12: AAAAccountingMessages—SupportedRADIUSAttributes and Juniper
Networks VSAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Chapter 10 Configuring Flat-File Accounting for Layer 2Wholesale Services . . . . . . . . 181
Table 13: Value of Elements in Sample Accounting Flat File XML Header . . . . . . 182
Part 5 Configuration Statements and Operational Commands
Chapter 12 Operational Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
xvCopyright © 2018, Juniper Networks, Inc.
Table 14: clear dhcp relay statistics Output Fields . . . . . . . . . . . . . . . . . . . . . . . . 445
Table 15: show ancp neighbor Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Table 16: show auto-configuration out-of-band pending Output Fields . . . . . . . 471
Table 17: show dhcp relay binding Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . 473
Table 18: show dhcp relay statistics Output Fields . . . . . . . . . . . . . . . . . . . . . . . . 479
Table 19: show dhcp server binding Output Fields . . . . . . . . . . . . . . . . . . . . . . . . 483
Table 20: show dhcp server statistics Output Fields . . . . . . . . . . . . . . . . . . . . . . 490
Table 21: show dhcpv6 server binding Output Fields . . . . . . . . . . . . . . . . . . . . . . 494
Table 22: show dhcpv6 server statistics Output Fields . . . . . . . . . . . . . . . . . . . . 500
Table 23: Aggregated Ethernet show interfaces Output Fields . . . . . . . . . . . . . . 502
Table 24: show interfaces Fast Ethernet Output Fields . . . . . . . . . . . . . . . . . . . . . 513
Table 25: show interfaces (Gigabit Ethernet) Output Fields . . . . . . . . . . . . . . . . 534
Table 26: Gigabit and 10 Gigabit Ethernet IQ PIC Traffic and MAC Statistics by
Interface Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
Table 27: show interfaces Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
Table 28: Loopback show interfaces Output Fields . . . . . . . . . . . . . . . . . . . . . . . 608
Table 29: show interfaces (PPPoE) Output Fields . . . . . . . . . . . . . . . . . . . . . . . . 615
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields . . . . . . . 625
Table 31: show interfaces filters Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 635
Table 32: show interfaces l2-routing-instance Output Fields . . . . . . . . . . . . . . . 637
Table 33: show interfaces routing Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . 639
Table 34: show network-access aaa statistics Output Fields . . . . . . . . . . . . . . . 648
Table 35: show network-access aaa statistics authentication Output Fields . . 656
Table 36: show network-access aaa subscribers Output Fields . . . . . . . . . . . . . 659
Table 37: show network-access address-assignment pool Output Fields . . . . . 664
Table 38: show ppp interface Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
Table 39: show subscribers Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
Table 40: show subscribers summary Output Fields . . . . . . . . . . . . . . . . . . . . . . 706
Table 41: show vpls connections Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 712
Table 42: show vpls flood event-queue Output Fields . . . . . . . . . . . . . . . . . . . . . 722
Table 43: show vpls flood instance Output Fields . . . . . . . . . . . . . . . . . . . . . . . . 724
Table 44: show vpls flood route Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 726
Table 45: show vpls mac-table Output fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729
Table 46: show vpls statistics Output Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
Copyright © 2018, Juniper Networks, Inc.xvi
Broadband Subscriber ManagementWholesale Feature Guide
About the Documentation
• Documentation and Release Notes on page xvii
• Supported Platforms on page xvii
• Using the Examples in This Manual on page xvii
• Documentation Conventions on page xix
• Documentation Feedback on page xxi
• Requesting Technical Support on page xxi
Documentation and Release Notes
To obtain the most current version of all Juniper Networks®technical documentation,
see the product documentation page on the Juniper Networks website at
https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at https://www.juniper.net/books.
Supported Platforms
For the features described in this document, the following platforms are supported:
• MXSeries
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the loadmerge or the load
merge relative command. These commands cause the software to merge the incoming
configuration into the current candidate configuration. The example does not become
active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple
hierarchies), the example is a full example. In this case, use the loadmerge command.
xviiCopyright © 2018, Juniper Networks, Inc.
If the example configuration does not start at the top level of the hierarchy, the example
is a snippet. In this case, use the loadmerge relative command. These procedures are
described in the following sections.
Merging a Full Example
Tomerge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a
text file, save the file with a name, and copy the file to a directory on your routing
platform.
For example, copy the following configuration toa file andname the file ex-script.conf.
Copy the ex-script.conf file to the /var/tmp directory on your routing platform.
system {scripts {commit {file ex-script.xsl;
}}
}interfaces {fxp0 {disable;unit 0 {family inet {address 10.0.0.1/24;
}}
}}
2. Merge the contents of the file into your routing platform configuration by issuing the
loadmerge configuration mode command:
[edit]user@host# loadmerge /var/tmp/ex-script.confload complete
Merging a Snippet
Tomerge a snippet, follow these steps:
1. From the HTML or PDF version of themanual, copy a configuration snippet into a text
file, save the file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file
ex-script-snippet.conf. Copy the ex-script-snippet.conf file to the /var/tmp directory
on your routing platform.
commit {file ex-script-snippet.xsl; }
Copyright © 2018, Juniper Networks, Inc.xviii
Broadband Subscriber ManagementWholesale Feature Guide
2. Move to the hierarchy level that is relevant for this snippet by issuing the following
configuration mode command:
[edit]user@host# edit system scripts[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the
loadmerge relative configuration mode command:
[edit system scripts]user@host# loadmerge relative /var/tmp/ex-script-snippet.confload complete
For more information about the load command, see CLI Explorer.
Documentation Conventions
Table 1 on page xix defines notice icons used in this guide.
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware damage.Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page xx defines the text and syntax conventions used in this guide.
xixCopyright © 2018, Juniper Networks, Inc.
About the Documentation
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
To enter configuration mode, type theconfigure command:
user@host> configure
Represents text that you type.Bold text like this
user@host> show chassis alarms
No alarms currently active
Represents output that appears on theterminal screen.
Fixed-width text like this
• A policy term is a named structurethat defines match conditions andactions.
• Junos OS CLI User Guide
• RFC 1997,BGPCommunities Attribute
• Introduces or emphasizes importantnew terms.
• Identifies guide names.
• Identifies RFC and Internet draft titles.
Italic text like this
Configure themachine’s domain name:
[edit]root@# set system domain-namedomain-name
Represents variables (options for whichyou substitute a value) in commands orconfiguration statements.
Italic text like this
• To configure a stub area, include thestub statement at the [edit protocolsospf area area-id] hierarchy level.
• Theconsoleport is labeledCONSOLE.
Represents names of configurationstatements, commands, files, anddirectories; configurationhierarchy levels;or labels on routing platformcomponents.
Text like this
stub <default-metricmetric>;Encloses optional keywords or variables.< > (angle brackets)
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between themutuallyexclusive keywords or variables on eitherside of the symbol. The set of choices isoften enclosed in parentheses for clarity.
| (pipe symbol)
rsvp { # Required for dynamicMPLS onlyIndicates a comment specified on thesame lineas theconfiguration statementto which it applies.
# (pound sign)
community namemembers [community-ids ]
Encloses a variable for which you cansubstitute one or more values.
[ ] (square brackets)
[edit]routing-options {static {route default {nexthop address;retain;
}}
}
Identifies a level in the configurationhierarchy.
Indention and braces ( { } )
Identifies a leaf statement at aconfiguration hierarchy level.
; (semicolon)
GUI Conventions
Copyright © 2018, Juniper Networks, Inc.xx
Broadband Subscriber ManagementWholesale Feature Guide
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
• In the Logical Interfaces box, selectAll Interfaces.
• To cancel the configuration, clickCancel.
Representsgraphicaluser interface(GUI)items you click or select.
Bold text like this
In the configuration editor hierarchy,select Protocols>Ospf.
Separates levels in a hierarchy of menuselections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can provide feedback by using either of the following
methods:
• Online feedback rating system—On any page of the Juniper Networks TechLibrary site
at https://www.juniper.net/documentation/index.html, simply click the stars to rate the
content, anduse thepop-up formtoprovideuswith informationabout your experience.
Alternately, you can use the online feedback form at
https://www.juniper.net/documentation/feedback/.
• E-mail—Sendyourcommentsto [email protected]. Includethedocument
or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the JuniperNetworksTechnicalAssistance
Center (JTAC). If you are a customer with an active J-Care or Partner Support Service
support contract, or are covered under warranty, and need post-sales technical support,
you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
https://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides youwith the
following features:
xxiCopyright © 2018, Juniper Networks, Inc.
About the Documentation
• Find CSC offerings: https://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: https://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
• Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: https://www.juniper.net/cm/
Toverify serviceentitlementbyproduct serial number, useourSerialNumberEntitlement
(SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
Opening a Casewith JTAC
You can open a case with JTAC on theWeb or by telephone.
• Use the Case Management tool in the CSC at https://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
https://www.juniper.net/support/requesting-support.html.
Copyright © 2018, Juniper Networks, Inc.xxii
Broadband Subscriber ManagementWholesale Feature Guide
PART 1
Configuring DHCP Layer 3WholesaleNetworks
• Subscriber Management DHCP Layer 3Wholesale Overview on page 3
• Configuring DHCPv4 Layer 3Wholesale Networks on page 9
• Configuring DHCPv6 Layer 3Wholesale Networks on page 31
1Copyright © 2018, Juniper Networks, Inc.
Copyright © 2018, Juniper Networks, Inc.2
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 1
Subscriber Management DHCP Layer 3Wholesale Overview
• Layer 2 and Layer 3Wholesale Overview on page 3
• Wholesale Network Configuration Options and Considerations on page 4
• DHCP Layer 3Wholesale Configuration Interface Support on page 5
• Layer 3Wholesale Configuration DHCP Support on page 5
• Subscriber to Logical System and Routing Instance Relationship on page 6
• RADIUS VSAs and Broadband Subscriber ManagementWholesale Configuration
Overview on page 6
Layer 2 and Layer 3Wholesale Overview
In general, wholesaling broadband services allows service providers to resell broadband
services and allows other providers to deploy their own services over the incumbent
network. There are different methods to partitioning an access network for resale. The
twomost common approaches are based on either Layer 2 or Layer 3 information.
Wholesale access is the process by which the access network provider (thewholesaler)
partitions the access network into separately manageable and accountable subscriber
segments for resale to other network providers (or retailers).
In a Layer 3 wholesale configuration, you partition the wholesaler access network at the
network layer or the subscriber IP component by associating the IP component with a
distinct Layer 3 domain. In a Layer 2 wholesale configuration, you partition the access
network at the subscriber circuit or customer VLAN (C-VLAN) by backhauling the
connection through the service provider backbone network to the subscribing retailer
network where the access traffic can bemanaged at higher layers.
In a Junos OS Dynamic Host Configuration Protocol (DHCP) or Point-to-Point Protocol
over Ethernet (PPPoE) subscriber access configuration, wholesale partitioning is
accomplished through the use of logical systems and routing instanceswithin the router.
Logical systems offer a stricter partitioning of routing resources than routing instances.
The purpose behind the use of logical systems is to distinctly partition the physical router
into separate administrative domains. This partitioning enables multiple providers to
administer the router simultaneously,witheachproviderhavingaccessonly to theportions
of the configuration relevant to their logical system. Junos OS supports up to 15 named
3Copyright © 2018, Juniper Networks, Inc.
logical systems in addition to thedefault logical system(that is, inet.0). Unless otherwise
specified in configuration, all interfaces belong to the default logical system.
NOTE: This Junos OS release supports the use of only the default logicalsystem. Partitioning currently occurs through the use of separate routinginstances.
A logical system can have one or more routing instances. Typically used in Layer 3 VPN
scenarios, a routing instance does not have the same level of administrative separation
asa logical systembecause it doesnotoffer administrative isolation.However, the routing
instance defines a distinct routing table, set of routing policies, and set of interfaces.
RelatedDocumentation
Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements on page 9
•
• Broadband Subscriber Management PPPoE Layer 3Wholesale Topology and
Configuration Elements on page 57
• Broadband Subscriber Management Layer 2Wholesale Topology and Configuration
Elements on page 75
Wholesale Network Configuration Options and Considerations
You can configure a wholesale network any number of ways using Juniper Networks
hardware and Junos OS software. For information about subscriber management
hardware support, see the Junos OS Broadband Subscriber Management and Services
Library. The general configuration options, and considerations for each, are provided in
the following table:
ConsiderationsWholesale Configuration Options
Providing more control over retailer space and access, this option is more laborintensive and can require more detailed planning of the network, address allocation,and so on.
Fully Static (all interfaces, VLANs, androuting instances are configuredstatically)
Service VLANS are created statically andmust bemanaged. Demux interfaces aredynamically createdover the serviceVLANs. This optionusesmore logical interfaces;one for each VLAN and one for each dynamic demux interface that runs over eachVLAN.
Static VLANs and Dynamic DemuxInterfaces
Dynamic (auto-sensed) VLANs are authenticated and installed in the correctnon-default routing instance before DHCP is instantiated. This method helps toconserve logical interfacesbyavoiding theneed foradditional logical interfacesbeingcreated for each demux interface.
NOTE: In a customer VLANmodel, each VLAN functions on a 1:1 basis for eachcustomer (in this case, per household).
Dynamic VLANs Only (dedicatedcustomer VLANs for each subscriber)
Copyright © 2018, Juniper Networks, Inc.4
Broadband Subscriber ManagementWholesale Feature Guide
ConsiderationsWholesale Configuration Options
Allows for thegreatest easeofuseand flexibility in configuring subscribers, byenablingaccess over a service VLAN and targetting more service levels over individual,dynamically-created demux interfaces over the service VLAN. This option usesmorelogical interfaces; one for each VLAN and one for each demux interface that runsover each VLAN.
Dynamic VLANs and Dynamic DemuxInterfaces
DHCP Layer 3Wholesale Configuration Interface Support
DHCP Layer 3 wholesale currently supports only the use of IP demux interfaces.
For general additional information about configuring IP demux interfaces, see the Junos
OS Network Interfaces Library for Routing Devices.
RelatedDocumentation
Junos OS Network Interfaces Library for Routing Devices•
• Subscriber Interfaces and Demultiplexing Overview .
• ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles.
• Configuring a Subscriber Interface Using a Set of Static IP Demux Interfaces.
Layer 3Wholesale Configuration DHCP Support
DHCP Layer 3 wholesale supports the following DHCP configuration options:
• DHCP Relay
• DHCP Relay Proxy
• DHCP Local Server
NOTE: All routing instances within the samewholesale networkmust usethe same DHCP configuration option.
For additional information about any of these DHCP options, see the AAA Service
Framework Overview.
RelatedDocumentation
Extended DHCP Relay Agent Overview.•
• DHCP Relay Proxy Overview.
• Extended DHCP Local Server Overview.
5Copyright © 2018, Juniper Networks, Inc.
Chapter 1: Subscriber Management DHCP Layer 3Wholesale Overview
Subscriber to Logical System and Routing Instance Relationship
As subscriber sessions are established, subscriber to logical system/routing instance
memberships are established by the AAA framework configured for the default logical
system.WhenconfiguringLayer3wholesaling, you typically configureglobal (wholesale)
information within the default (master) logical system and default routing instance.
Incomingsubscribersmust thenbeauthenticated, but this authenticationcanbehandled
in one of two ways:
• Single (wholesaler only) authentication—Incoming subscribers are authenticated by
thewholesalerRADIUSserver. After authentication, the subscribersareassignedvalues
specified by dynamic profiles (routing instances, interfaces, and any configuration
values) specific to a particular retailer.
• Dual (wholesaler and retailer) authentication—Sometimes referred to as double-dip
authentication. Incoming subscribers are initially authenticated by RADIUS using the
wholesale configuration. Authenticated subscribers are then redirected toother routing
instances associated with individual retailer network space. When you redirect
subscribers, and those subscribers are to be authenticated by AAA servers owned by
individual retailers, the subscribers must be authenticated again by the AAA servers
before they are provided an address and any dynamic profile values are assigned. After
reauthentication, however, the subscribers are managed normally using any values
specific to the retailer routing instance to which they are assigned.
RelatedDocumentation
See Routing Instances Overview in the Junos OS Routing Protocols Library.•
RADIUS VSAs and Broadband Subscriber ManagementWholesale ConfigurationOverview
You canuseRADIUS to assign various values through the use of dynamic variableswithin
dynamic profiles. However, the configuration of at least one of the two VSAs described
in Table 3 on page 6 is required for a wholesale network to function.
Table 3: Required Juniper Networks VSAs for the Broadband SubscriberManagementWholesale Network Solution
ValueDescriptionAttribute NameAttribute Number
string: logicalsystem:routinginstance
Client logicalsystem/routinginstancemembershipname. Allowed onlyfrom RADIUS serverfor “default” logicalsystem/routinginstancemembership.
LSRI-Name26-1
Copyright © 2018, Juniper Networks, Inc.6
Broadband Subscriber ManagementWholesale Feature Guide
Table 3: Required Juniper Networks VSAs for the Broadband SubscriberManagementWholesale Network Solution (continued)
ValueDescriptionAttribute NameAttribute Number
string: logicalsystem:routinginstance
Client logicalsystem/routinginstancemembershipname indicating towhich logicalsystem/routinginstancemembershipthe request isredirected for userauthentication.
Redirect-LSRI-Name26-25
Specifying the $junos-routing-instance dynamic variable in a dynamic profile triggers a
RADIUSaccess-accept responseofeither theLSRI-NameVSAor theRedirect-LSRI-Name
VSA. Returning an LSRI-Name attribute in the access-accept response provides the
logical system and routing instance in which the logical interface is to be created and
the router updates the session database with the specified routing instance value.
Returning a Redirect-LSRI-Name attribute in the access-accept response results in the
router immediately sending a second access-request message (sometimes referred to
as a double-dip) to the RADIUS server specified by the logical system:routing instance
attribute specified by the Redirect-LSRI-Name VSA.
NOTE: Attributes returned as a result of a second access-request messageto the logical system/routing instancemembership specified by theRedirect-LSRI-Name VSA override any prior attributes returned by initialaccess-accept responses to the default logical system/routing instancemembership.
RelatedDocumentation
• Juniper Networks VSAs Supported by the AAA Service Framework on page 143.
7Copyright © 2018, Juniper Networks, Inc.
Chapter 1: Subscriber Management DHCP Layer 3Wholesale Overview
Copyright © 2018, Juniper Networks, Inc.8
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 2
Configuring DHCPv4 Layer 3WholesaleNetworks
• Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements on page 9
• DHCPv4 Layer 3Wholesale Network Topology Overview on page 10
• ConfiguringLoopback Interfaces for theDHCPv4Layer 3WholesaleSolutiononpage 11
• Configuring VLANs for the DHCPv4 Layer 3Wholesale Network Solution on page 13
• Configuring Access Components for the DHCP Layer 3Wholesale Network
Solution on page 16
• Configuring Dynamic Profiles for the DHCPv4 Layer 3Wholesale Network
Solution on page 18
• Configuring Separate Routing Instances for DHCPv4 Service Retailers on page 21
• Configure Default Forwarding Options for the DHCPv4Wholesale Network
Solution on page 24
• Example: Wholesaler Dynamic Profile for a DHCPv4Wholesale Network on page 26
• Example: Retailer Dynamic Profile for a DHCPv4Wholesale Network on page 26
• Example: Default Forwarding Options Configuration for the DHCPv4Wholesale
Network on page 27
• Example: Retailer Routing Instances for a DHCPv4Wholesale Network on page 28
Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology andConfiguration Elements
Thenetwork topology for thesubscribermanagementDHCPv4Layer3wholesale solution
includes configuring separate routing instances for individual retailers that use a portion
of the router. This solution uses a DHCPv4 relay configuration. However, you can also
implement DHCPv4 Relay Proxy or DHCPv4 Local Server configuration.
To explain the concept, but to limit complexity, this solution provides a configuration
with one wholesaler and only two retailers. Figure 1 on page 10 illustrates a basic Layer
3 wholesale topology model fromwhich you can expand.
9Copyright © 2018, Juniper Networks, Inc.
Figure 1: Basic Subscriber Management Layer 3Wholesale SolutionTopology
MSAN
MSAN
Retailer 1
serverDHCP
Retailer 1
serverRADIUS
Wholesaler
serverRADIUS
Wholesaler
serverDHCP
Retailer 2
serverRADIUS
Retailer 2
serverDHCP
Wholesaler Network Space
g017
381
MX Series
Retailer 1 Network Space
Retailer 2 Network Space
ADHCPLayer3wholesalenetwork solutioncanusevariouscombinationsof the following
configuration elements:
• Subscriber network VLAN configuration
• DHCPv4 configuration (DHCPv4 Relay, DHCPv4 Relay Proxy, or DHCPv4 Local Server)
• Addressingserveroraddressingserveraccessconfiguration (if notusingDHCPv4Local
Server)
• RADIUS server access configuration
• Dynamic profile configuration for default (wholesaler) access
• Dynamic profile configuration for retailer access (following subscriber redirection, if
applicable)
• Routing instance configuration for individual retailers
• Group configuration and forwarding options for the network
• Core network configuration
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• DHCPv4 Layer 3Wholesale Network Topology Overview on page 10
DHCPv4 Layer 3Wholesale Network Topology Overview
This configuration explains how to configure a simple DHCPv4 Layer 3 wholesale
subscriber access network. This solution incorporates two retailers sharing resources on
Copyright © 2018, Juniper Networks, Inc.10
Broadband Subscriber ManagementWholesale Feature Guide
a wholesaler router. Figure 2 on page 11 provides the reference topology for this
configuration example.
Figure 2: DHCPv4 Layer 3Wholesale Network Reference Topology
MSAN
GE-2/3/0
Retailer 1 Network Space
MSAN
GE-2/3/0
Retailer 1
serverDHCP
Retailer 1
serverRADIUS
Wholesaler
serverRADIUS
Wholesaler
serverDHCP
Retailer 2
serverRADIUS
Retailer 2 Network Space
Retailer 1 Network Elements
Access Network Interface:Loopback (lo0.1) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/0127.44.0.1/32Three (unit 1 to 3)GE-2/3/0.1 to GE-2/3/0.310.10.10.110.10.10.1
Retailer_Access1DHCP Server Address: 10.10.100.1
Routing Instance: Retailer_Instance1Dynamic Profile: Subscriber_Profile_Retail1
Retailer 2 Network Elements
Access Network Interface:Loopback (lo0.2) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/0127.42.0.1/32Three (unit 4 to 6)GE-2/3/0.4 to GE-2/3/0.610.20.20.110.20.20.1
Retailer_Access2DHCP Server Address: 10.20.200.1
Routing Instance: Retailer_Instance2Dynamic Profile: Subscriber_Profile_Retail2
Wholesaler-Specific Network Elements
Access Network Interface:Loopback (lo0.3) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/0127.40.0.1/32Three (unit 1 to 3)GE-2/3/0.7192.168.1.1192.168.1.1
Wholesaler_AccessDHCP Server Address: 192.168.100.1
Routing Instance: Wholesaler_InstanceDynamic Profile: Wholesaler_Profile
MX Series
Retailer 2
serverDHCP
g017
382
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements on page 9
Configuring Loopback Interfaces for the DHCPv4 Layer 3Wholesale Solution
Youmust configure loopback interfaces for use in the subscriber management access
network. The loopback interfaces are automatically used for unnumbered interfaces.
11Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
To configure loopback interfaces:
1. Edit the loopback interface.
[edit]user@host# edit interfaces lo0
2. Edit the unit for the wholesale loopback interface.
[edit interfaces lo0]user@host# edit unit 3
3. Edit the loopback interface family that belongs to the wholesaler.
[edit interfaces lo0 unit 3]user@host# edit family inet
4. Specify the loopback interface address that belongs to the wholesaler.
[edit interfaces lo0 unit 3]user@host# set address 127.40.0.1/32
5. Edit the unit for a retail loopback interface to be assigned to the retailer.
[edit interfaces lo0]user@host# edit unit 1
6. Edit the loopback interface family that will be assigned to the retailer.
[edit interfaces lo0 unit 1]user@host# edit family inet
7. Specify the loopback interface address that will be assigned to the retailer.
[edit interfaces lo0 unit 1]user@host# set address 127.42.0.1/32
8. Repeat steps 5 through 7 for additional retailers, making sure to use unique unit and
address values for each retailer loopback interface.
RelatedDocumentation
Junos OS Network Interfaces Library for Routing Devices•
Copyright © 2018, Juniper Networks, Inc.12
Broadband Subscriber ManagementWholesale Feature Guide
Configuring VLANs for the DHCPv4 Layer 3Wholesale Network Solution
You can configure either static or dynamic customer VLANs for use in the DHCPv4
wholesale network solution.
• Configuring Static Customer VLANs for the DHCPv4 Layer 3Wholesale Network
Solution on page 13
• Configuring Dynamic VLANs for the DHCPv4 Layer 3Wholesale Network
Solution on page 14
Configuring Static Customer VLANs for the DHCPv4 Layer 3Wholesale Network Solution
In this example configuration, the access interface (ge-2/3/0) connects to a device (that
is, a DSLAM) on the access side of the network. You can define static VLANs for use by
the access network subscribers.
To configure the static VLANs:
1. Edit the access side interface.
[edit]user@host# edit interfaces ge-2/3/0
2. Specify the use of stacked VLAN tagging.
[edit interfaces ge-2/3/0]user@host# set stacked-vlan-tagging
3. Edit the interface unit for the first VLAN.
[edit interfaces ge-2/3/0]user@host# edit unit 1
4. Define the VLAN tags for the first VLAN.
[edit interfaces ge-2/3/0 unit 1]user@host# set vlan-tags outer 3 inner 1
5. Specify that you want to create IPv4 demux interfaces.
[edit interfaces ge-2/3/0 unit 1]user@host# set demux-source inet
6. Edit the family for the first VLAN.
[edit interfaces ge-2/3/0 unit 1]user@host# edit family inet
7. (Optional) Define the unnumbered address and the preferred source address for the
first VLAN.
[edit interfaces ge-2/3/0 unit 1 family inet]user@host# set unnumbered-address lo0.1 preferred-source-address 127.44.0.1
8. Repeat steps 2 through 7 for additional VLAN interface units.
13Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
Configuring Dynamic VLANs for the DHCPv4 Layer 3Wholesale Network Solution
To configure dynamic VLANs for the solution:
1. Configure a dynamic profile for dynamic VLAN creation.
a. Name the profile.
[edit]user@host# edit dynamic-profiles VLAN-PROF
b. Define the interfaces statementwith the internal$junos-interface-ifd-namevariable
used by the router to match the interface name of the receiving interface.
[edit dynamic-profiles VLAN-PROF]user@host# edit interfaces $junos-interface-ifd-name
c. Define the unit statement with the predefined $junos-interface-unit variable:
[edit dynamic-profiles VLAN-PROF interfaces “$junos-interface-ifd-name”]user@host# edit unit $junos-interface-unit
d. (Optional) To configure the router to respond to any ARP request, specify the
proxy-arp statement.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set proxy-arp
e. Specify that you want to create IPv4 demux interfaces.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set demux-source inet
f. Specify the VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags outer $junos-stacked-vlan-id
The variable is dynamically replacedwith an outer VLAN IDwithin the VLAN range
specified at the [interfaces] hierarchy level.
g. Specify the inner VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags inner $junos-vlan-id
The variable is dynamically replaced with an inner VLAN ID within the VLAN range
specified at the [interfaces] hierarchy level.
Copyright © 2018, Juniper Networks, Inc.14
Broadband Subscriber ManagementWholesale Feature Guide
h. Access the family type.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# edit family inet
i. (Optional) Enable IP andMACaddress validation for dynamic IP demux interfaces
in a dynamic profile.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit" family inet]
user@host# setmac-validate strict
j. (Optional) Specify the unnumbered address and preferred source address.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit" family inet]
user@host# set unnumbered-address lo.0 preferred-source-address 127.33.0.1
2. Associate the dynamic profile with the interface onwhich the dynamic VLANswill be
created.
a. Access the interface that you want to use for creating VLANs.
[edit interfaces]user@host# edit interfaces ge-2/3/0
b. Specify the use of stacked VLAN tagging.
[edit interfaces ge-2/3/0]user@host# set stacked-vlan-tagging
c. Specify that you want to automatically configure VLAN interfaces.
[edit interfaces ge-2/3/0]user@host# edit auto-configure
d. Specify that you want to configure stacked VLANs.
[edit interfaces ge-2/3/0 auto-configure]user@host# edit stacked-vlan-ranges
e. Specify the dynamic VLAN profile that you want the interface to use.
[edit interfaces ge-2/3/0 auto-configure stacked-vlan-ranges]user@host# set dynamic-profile VLAN-PROF
f. Repeat steps a through e for any other interfaces that you want to use for creating
VLANs.
3. Specify the Ethernet packet type that the VLAN dynamic profile can accept.
15Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
[edit interfaces ge-2/3/0 auto-configure stacked-vlan-ranges dynamic-profileVLAN-PROF]
user@host# set accept inet
4. Define VLAN ranges for use by the dynamic profile when dynamically creating VLAN
IDs. For this solution, specify the outer and inner stacked VLAN ranges that you want
the dynamic profile to use. The following example specifies an outer stacked VLAN
ID range of 3–3 (enabling only the outer range of 3) and an inner stacked VLAN ID
range of 1–3 (enabling a range from 1 through 3 for the inner stacked VLAN ID).
[edit interfaces ge-0/0/0 auto-configure stacked-vlan-ranges dynamic-profileVLAN-PROF]
user@host# set stacked-vlan-ranges 3–3,1–3
Configuring Access Components for the DHCP Layer 3Wholesale Network Solution
Whenconfiguringawholesalenetwork, youmust configure several components globally.
This configuration provides access to RADIUS servers that you want the wholesaler and
any configured retailers to use globally. The access configuration includes the following
general steps:
• Configuring RADIUS Server Access on page 16
• Configuring a DHCPWholesaler Access Profile on page 16
• Configuring DHCP Retailer Access Profiles on page 17
Configuring RADIUS Server Access
You can globally define any RADIUS servers in your network that either the wholesale
access profile or retailer access profile can use. After you define the global RADIUS
servers, you can specify specific RADIUS servers within individual access profiles.
To define RADIUS servers for profile access:
1. Access the [edit access radius-server] hierarchy level.
[edit ]user@host# edit access radius-server
2. Specify the address and secret for any RADIUS servers in the network.
[edit access radius-server]user@host# set 192.168.10.1 secret $ABC123$ABC123$ABC123user@host# set 10.10.10.1 secret $ABC123$ABC123
See Also Configuring Router or Switch Interaction with RADIUS Servers•
Configuring a DHCPWholesaler Access Profile
Youmust define the network and interface over which you want subscribers to initially
access the network with a wholesale access profile. When a subscriber attempts to
Copyright © 2018, Juniper Networks, Inc.16
Broadband Subscriber ManagementWholesale Feature Guide
access the network, the access profile provides initial access information including
authentication and accounting values that the router uses for the accessing subscriber.
To define a wholesale access profile:
1. Create the wholesale access profile.
[edit]user@host# edit access-profileWholesaler_Access
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profileWholesaler1]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profileWholesaler1]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profileWholesaler1 radius]user@host# set authentication-server 192.168.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profileWholesaler1 radius]user@host# set accounting-server 192.168.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
See Also Configuring Authentication and Accounting Parameters for Subscriber Access•
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring RADIUS Server Parameters for Subscriber Access
• Configuring Per-Subscriber Session Accounting
Configuring DHCP Retailer Access Profiles
In this solution, subscribers are redirected toanetworking spaceusedbya specific retailer
anddefinedbyaunique routing instance.Thismethod requires that youdefine thenetwork
and interfaceoverwhichyouwantsubscribers toaccess thenetworkafterbeing redirected
by the wholesale access profile.
17Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
To define a retailer access profile:
1. Create the retailer access profile.
[edit]user@host# edit access-profile Retailer_Access1
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile Retailer1]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profile Retailer1]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile Retailer1 radius]user@host# set authentication-server 10.10.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profile Retailer1 radius]user@host# set accounting-server 10.10.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
See Also Configuring Authentication and Accounting Parameters for Subscriber Access•
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring RADIUS Server Parameters for Subscriber Access
• Configuring Per-Subscriber Session Accounting
Configuring Dynamic Profiles for the DHCPv4 Layer 3Wholesale Network Solution
A dynamic profile is a set of characteristics, defined in a type of template, that you can
use to provide services for broadband applications. These services are assigned
dynamically to interfaces as they access the network.When configuring dynamic profiles
for the DHCPv4 Layer 3 wholesale network, you can choose to configure one dynamic
profile toaddressall incomingsubscribersor youcanconfigure individual dynamicprofiles
for use by the different network management groups (that is, the wholesaler and any
Copyright © 2018, Juniper Networks, Inc.18
Broadband Subscriber ManagementWholesale Feature Guide
retailers). In fact, you can create multiple dynamic profiles that you can use to roll out
different services and selectively apply those dynamic profiles to different subscriber
groups as necessary.
In this solution example, one dynamic profile is created for use by the wholesaler when
subscribers initially access the network. Other dynamic profiles are created for the
subscribers for each individual retailer to use after they are redirected to that retailer
network space.
• Configuring aWholesale Dynamic Profile for use in the DHCPv4 Solution on page 19
• Configuring a Dynamic Profile for use by a Retailer in the DHCPv4 Solution on page 20
Configuring aWholesale Dynamic Profile for use in the DHCPv4 Solution
You can configure a basic access profile to initially manage subscribers that access the
network.
To configure a dynamic profile for use by the wholesaler:
1. Create a wholesale dynamic profile.
[edit]user@host# edit dynamic-profilesWholesaler_Profile
2. Specify that you want to configure the demux0 interface in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit interfaces demux0
3. Configure the unit for the demux0 interface.
a. Configure the variable for the unit number of the demux0 interface.
The variable is dynamically replaced with the unit number that DHCP supplies
when the subscriber logs in.
[edit dynamic-profiles Subscriber_Profile_Retail1 demux0]user@host# edit unit $junos-interface-unit
b. Configure the variable for the underlying interface of the demux interfaces and
specify the $junos-underlying-interface variable.
The variable is dynamically replaced with the underlying interface that DHCP
supplies when the subscriber logs in.
[edit dynamic-profiles Subscriber_Profile_Retail1 interfaces demux0 unit“$junos-interface-unit”]
user@host# set demux-options underlying-interface $junos-underlying-interface
4. Configure the family for the demux interfaces.
a. Specify that you want to configure the family.
[edit dynamic-profiles Subscriber_Profile_Retail1 interfaces demux0 unit“$junos-interface-unit”]
19Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
user@host# edit family inet
b. Configure the unnumbered address for the family.
[editdynamic-profilesSubscriber_Profile_Retail1demux0unit “$junos-interface-unit”family inet6]
user@host# set unnumbered-address lo0.0
c. Configure the variable for the IPv4 address of the demux interface.
The variable is dynamically replaced with the IPv4 address that DHCP supplies
when the subscriber logs in.
[editdynamic-profilesbusiness-profile interfacesdemu0unit “$junos-interface-unit”]user@host# set demux-source $junos-subscriber-ip-address
Configuring a Dynamic Profile for use by a Retailer in the DHCPv4 Solution
To configure a dynamic profile for use with retailer access:
1. Create a retail dynamic profile.
[edit]user@host# edit dynamic-profiles Subscriber_Profile_Retail1
2. Define the dynamic routing instance variable in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit routing-instances $junos-routing-instance
3. Set the dynamic interface variable for the dynamic routing instance.
[edit dynamic-profiles Subscriber_Profile_Retail1 routing-instances“$junos-routing-instance”]
user@host# set interface $junos-interface-name
4. Specify that you want to configure the demux0 interface in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit interfaces demux0
5. Configure the unit for the demux0 interface.
a. Configure the variable for the unit number of the demux0 interface.
The variable is dynamically replaced with the unit number that DHCP supplies
when the subscriber logs in.
[edit dynamic-profiles Subscriber_Profile_Retail1 demux0]user@host# edit unit $junos-interface-unit
b. Configure the variable for the underlying interface of the demux interfaces and
specify the $junos-underlying-interface variable.
Copyright © 2018, Juniper Networks, Inc.20
Broadband Subscriber ManagementWholesale Feature Guide
The variable is dynamically replaced with the underlying interface that DHCP
supplies when the subscriber logs in.
[edit dynamic-profiles Subscriber_Profile_Retail1 interfaces demux0 unit“$junos-interface-unit”]
user@host# set demux-options underlying-interface $junos-underlying-interface
6. Configure the family for the demux interfaces.
a. Specify that you want to configure the family.
[edit dynamic-profiles Subscriber_Profile_Retail1 interfaces demux0 unit“$junos-interface-unit”]
user@host# edit family inet
b. Configure the unnumbered address for the family.
[editdynamic-profilesSubscriber_Profile_Retail1demux0unit “$junos-interface-unit”family inet6]
user@host# set unnumbered-address lo0.0
c. Configure the variable for the IPv6 address of the demux interface.
The variable is dynamically replaced with the IPv6 address that DHCP supplies
when the subscriber logs in.
[editdynamic-profilesbusiness-profile interfacesdemu0unit “$junos-interface-unit”]user@host# set demux-source $junos-subscriber-ip-address
Configuring Separate Routing Instances for DHCPv4 Service Retailers
As the owner of the system, the wholesaler typically uses the default routing instance.
Youmust create separate routing instances for each individual retailer to keep routing
information for individual retailers separate and to define any servers and forwarding
options specific to each retailer.
To define a retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances RetailerInstance1
2. Specify the routing instance type for the retailer.
[edit routing-instances “RetailerInstance1”]user@host# set instance-type vrf
3. Specify the access profile that you want the routing instance to use.
[edit routing-instances “RetailerInstance1”]user@host# set access-profile Retailer1
21Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
4. Specify the interface that faces the Retailer1 RADIUS server.
[edit routing-instances “RetailerInstance1”]user@host# set interface ge-11/1/9.10
5. Specify the interface that faces the Retailer1 DHCP server.
[edit routing-instances “RetailerInstance1”]user@host# set interface ge-11/1/10.100
6. Specify the loopback interface unit for this routing instance.
[edit routing-instances “RetailerInstance1”]user@host# set interface lo0.1
NOTE: Loopback interfacesmust be unique for each routing instance.
7. Access the DHCP Relay forwarding options hierarchy for the routing instance.
[edit routing-instances “RetailerInstance1”]user@host# edit forwarding-options dhcp-relay
NOTE: The configuration for this wholesale solution uses DHCP Relay.However, you can also configure DHCP Proxy Relay or DHCP Local Serverfor the DHCP Layer 3 wholesale network.
8. Specify that you want to configure authentication options and use external AAA
authentication services.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# edit authentication
9. (Optional) Configure a password that authenticates the username to the external
authentication service.
See Configuring Passwords for Usernames.
10. (Optional) Configure optional features to create a unique username.
See Creating Unique Usernames for DHCP Clients.
11. Specify the default dynamic profile that you want to attach to DHCP subscriber for
this retailer.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# set dynamic-profile Subscriber_Profile_Retail1
12. Specify any overrides for the default DHCP Relay configuration.
Copyright © 2018, Juniper Networks, Inc.22
Broadband Subscriber ManagementWholesale Feature Guide
SeeOverriding the Default DHCP Relay Configuration Settings.
13. Configure a named server group for the retailer.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# edit server-group Retailer1_Group
14. Specify the DHCP server address for the retailer group.
[edit routing-instances “RetailerInstance1” forwarding-optionsdhcp-relay server-group“Retailer1_Group”]
user@host# set 10.10.100.1
15. Specify the retailer group as the active server group for this routing instance.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# set active-server-group Retailer1_Group
16. Configure a group you can use to define the retailer dynamic profile andDHCP access
interface.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay]user@host# edit group Retailer1_Group
17. Specify the dynamic profile that the retailer DHCP subscribers use.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay group“Retailer1_Group”]
user@host# set dynamic-profile Subscriber_Profile_Retailer1
18. Specify the retailer interface that the retailer DHCP subscribers use.
[edit routing-instances “RetailerInstance1” forwarding-options dhcp-relay group“Retailer1_Group”]
user@host# set interface ge-2/3/0.2
19. (Optional) Configure any passwords that authenticate the username to the external
authentication service for the retailer groups that you created.
See Configuring Passwords for Usernames.
20. (Optional) Configure any unique username values for the retailer groups that you
created.
See Creating Unique Usernames for DHCP Clients.
21. (Optional) Specify any overrides for any of the DHCP Relay group configurations that
you created.
SeeOverriding the Default DHCP Relay Configuration Settings.
22. Repeat this procedure for other retailers.
23Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
RelatedDocumentation
Configure Default Forwarding Options for the DHCPv4Wholesale Network Solution
You can use DHCP Relay, DHCP Relay Proxy, or DHCP Local Server configuration in a
DHCPwholesale network. DHCPconfiguration is definedat the [edit forwarding-options]
hierarchy level.
NOTE: The configuration for this wholesale solution uses DHCP Relay.
To configure DHCPv4 Relay forwarding options:
1. Access the [edit forwarding-options dhcp-relay] hierarchy.
[edit]user@host# edit forwarding-options dhcp-relay
2. Specify that you want to configure authentication options and use external AAA
authentication services.
[edit forwarding-options dhcp-relay]user@host# edit authentication
3. (Optional) Configure a password that authenticates the username to the external
authentication service.
See Configuring Passwords for Usernames.
4. (Optional) Configure optional features to create a unique username.
See Creating Unique Usernames for DHCP Clients.
5. Specify the default dynamic profile that you want to attach to all DHCP subscriber
that access the router.
[edit forwarding-options dhcp-relay]user@host# set dynamic-profileWholesaler_Profile
6. Specify any overrides for the default DHCP Relay configuration.
SeeOverriding the Default DHCP Relay Configuration Settings.
7. Configure a named server group for default (wholesaler) DHCP server access.
[edit forwarding-options dhcp-relay]user@host# edit server-groupWholesaler_Group
8. Specify the DHCP server address for the default (wholesale) group.
Copyright © 2018, Juniper Networks, Inc.24
Broadband Subscriber ManagementWholesale Feature Guide
[edit forwarding-options dhcp-relay server-group “Wholesaler_Group”]user@host# set 192.168.100.1
9. Specify the default (wholesale) group as the active server group.
[edit forwarding-options dhcp-relay]user@host# set active-server-groupWholesaler_Group
10. Configure a group you can use to define the wholesale DHCP access interface.
[edit forwarding-options dhcp-relay]user@host# edit groupWholesaler_Group
11. Specify the default (wholesale) interface that all DHCP subscribers use when first
accessing the router.
[edit forwarding-options dhcp-relay group “Wholesaler_Group”]user@host# set interface ge-2/3/0.1
12. Configure a group you can use to define a retail DHCP interface.
[edit forwarding-options dhcp-relay]user@host# edit group Retailer1_Group
13. Specify the logical interface the DHCP subscribers use once redirected.
[edit forwarding-options dhcp-relay group “Retailer1_Group”]user@host# set interface ge-2/3/0.2
14. Repeat steps 12 and 13 for other retailer groups.
In this solution example, you configure another group name of “Retailer2_Group” and
specify ge-2/3/0.3 for the logical interface.
15. (Optional) Configure any passwords that authenticate the username to the external
authentication service for any of the groups that you created.
See Configuring Passwords for Usernames.
16. (Optional) Configure optional features to create a unique username for any of the
groups that you created.
See Creating Unique Usernames for DHCP Clients.
17. (Optional) Specify any overrides for any of the DHCP Relay group configurations that
you created.
SeeOverriding the Default DHCP Relay Configuration Settings.
RelatedDocumentation
Extended DHCP Relay Agent Overview•
• DHCP Relay Proxy Overview
25Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
• Configuring Passwords for Usernames
• Creating Unique Usernames for DHCP Clients
• Overriding the Default DHCP Relay Configuration Settings
Example:Wholesaler Dynamic Profile for a DHCPv4Wholesale Network
This example specifies a dynamic profile name ofWholesaler_Profile, uses dynamic IP
demux interfaces, and references the predefined input firewall filter.
dynamic-profiles {Wholesaler_Profile {interfaces {demux0 {unit "$junos-interface-unit" {demux-options {underlying-interface "$junos-underlying-interface";
}family inet {demux-source {$junos-subscriber-ip-address;
}filter {input "$junos-input-filter";
}unnumbered-address "$junos-loopback-interface"preferred-source-address$junos-preferred-source-address;
}}
}}
}
RelatedDocumentation
Configuring Dynamic Profiles for the DHCPv4 Layer 3Wholesale Network Solution on
page 18
•
Example: Retailer Dynamic Profile for a DHCPv4Wholesale Network
dynamic-profiles {Subscriber_Profile_Retailer1 {routing-instances {"$junos-routing-instance" {interface "$junos-interface-name";
}}interfaces {demux0 {unit "$junos-interface-unit" {demux-options {underlying-interface "$junos-underlying-interface";
}family inet {
Copyright © 2018, Juniper Networks, Inc.26
Broadband Subscriber ManagementWholesale Feature Guide
demux-source {"$junos-subscriber-ip-address";
}unnumbered-address "$junos-loopback-interface"preferred-source-address"$junos-preferred-source-address";
}}
}}
}
RelatedDocumentation
Configuring Dynamic Profiles for the DHCPv4 Layer 3Wholesale Network Solution on
page 18
•
Example:DefaultForwardingOptionsConfigurationfortheDHCPv4WholesaleNetwork
forwarding-options {dhcp-relay {traceoptions {file size 1g;inactive: flag all;
}authentication {password $ABC123;username-include {user-prefixWholesaleNetwork;
}}dynamic-profileWholesaler_Profile;overrides {always-write-giaddr;always-write-option-82;layer2-unicast-replies;trust-option-82;client-discover-match;
}server-group {Wholesaler-Server-Group {192.168.100.1;
}}active-server-groupWholesaler-Server Group;groupWholesaler-Group {authentication {password $ABC123;username-include {user-prefixWholesaleNetwork;
}}interface ge-2/3/0.1;
}group Retailer1-Group {authentication {password $ABC123$ABC123;
27Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
username-include {user-prefixWholesaleNetwork_Retailer1;
}}interface ge-2/3/0.2;
}group Retailer2-Group {authentication {password $ABC123$ABC123$ABC123;username-include {user-prefixWholesaleNetwork_Retailer1;
}}interface ge-2/3/0.3;
}}
}
RelatedDocumentation
Configure Default Forwarding Options for the DHCPv4Wholesale Network Solution
on page 24
•
Example: Retailer Routing Instances for a DHCPv4Wholesale Network
routing-instances {Retailer_Instance1 {instance-type vrf;access-profile Retailer_Access1;interface ge-11/1/9.10;interface ge-11/1/10.100;interface lo0.1;route-distinguisher 1:1;forwarding-options {dhcp-relay {authentication {password $ABC123$ABC123;username-include {user-prefixWholesaleNetwork_Retailer1;
}}dynamic-profile Subscriber_Profile_Retailer1;overrides {always-write-giaddr;always-write-option-82;layer2-unicast-replies;trust-option-82;client-discover-match;
}server-group {Retailer1-Server-Group {10.10.100.1;
}}active-server-group Retailer1-Server-Group;group Retailer1-Group {
Copyright © 2018, Juniper Networks, Inc.28
Broadband Subscriber ManagementWholesale Feature Guide
authentication {password $ABC123$ABC123;username-include {user-prefixWholesaleNetwork_Retailer1;
}}dynamic-profile Subscriber_Profile_Retailer1;overrides {always-write-giaddr;trust-option-82;client-discover-match;
}interface ge-2/3/0.2;
}}
}}Retailer_Instance2 {instance-type vrf;access-profile Retailer_Access2;interface ge-7/1/9.10;interface ge-7/1/9.100;interface lo0.2;route-distinguisher 2:2;forwarding-options {dhcp-relay {authentication {password $ABC123$ABC123$ABC123;username-include {user-prefixWholesaleNetwork_Retailer2;
}}dynamic-profile Subscriber_Profile_Retailer2;overrides {always-write-giaddr;trust-option-82;client-discover-match;
}server-group {Retailer2-Group {10.20.200.1;
}}active-server-group Retailer2-Group;group Retailer2-Group {authentication {password $ABC123$ABC123$ABC123;username-include {user-prefix psswd2;
}}dynamic-profile Subscriber_Profile_Retailer2;overrides {always-write-giaddr;trust-option-82;client-discover-match;
29Copyright © 2018, Juniper Networks, Inc.
Chapter 2: Configuring DHCPv4 Layer 3Wholesale Networks
}interface ge-2/3/0.3;
}}
}}
}
RelatedDocumentation
• Configuring Separate Routing Instances for DHCPv4 Service Retailers on page 21
Copyright © 2018, Juniper Networks, Inc.30
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 3
Configuring DHCPv6 Layer 3WholesaleNetworks
• Broadband Subscriber Management DHCPv6 Layer 3Wholesale Topology and
Configuration Elements on page 31
• DHCPv6 Layer 3Wholesale Network Topology Overview on page 33
• ConfiguringLoopback Interfaces for theDHCPv6Layer3WholesaleSolutiononpage34
• Configuring VLANs for the DHCPv6 Layer 3Wholesale Network Solution on page 34
• Configuring Access Components for the DHCP Layer 3Wholesale Network
Solution on page 37
• Configuring Dynamic Profiles for the DHCPv6 Layer 3Wholesale Network
Solution on page 40
• Configuring Separate Routing Instances for DHCPv6 Service Retailers on page 43
• Configuring Address Server Elements for the DHCPv6 Layer 3Wholesale
Solution on page 43
• Example: Retailer Dynamic Profile for a DHCPv6Wholesale Network on page 47
• Example: Retailer Routing Instances for a DHCPv6Wholesale Network on page 47
• Example:DHCPv6AddressAssignmentPoolThatProvidesFull 128-bit IPV6Addresses
for a DHCPv6Wholesale Network on page 48
• Example: DHCPv6 Address Assignment Pool That Provides 74-bit IPV6 Prefixes for a
DHCPv6Wholesale Network on page 48
• Example: ExtendedDHCPv6LocalServer for aDHCPv6WholesaleNetworkonpage48
Broadband Subscriber Management DHCPv6 Layer 3Wholesale Topology andConfiguration Elements
Thenetwork topology for thesubscribermanagementDHCPv6Layer3wholesalesolution
includes configuring separate routing instances for individual retailers that use a portion
of the router. This solution uses a DHCPv6 local server configuration.
NOTE: Only DHCPv6 local server is currently supported for DHCPv6 Layer 3wholesale configuration.
31Copyright © 2018, Juniper Networks, Inc.
To explain the concept, but to limit complexity, this solution provides a configuration
with one wholesaler and only two retailers. Figure 3 on page 32 illustrates a basic Layer
3 wholesale topology model fromwhich you can expand.
Figure 3: Basic Subscriber Management DHCPv6 Layer 3WholesaleSolution Topology
MSAN
MSAN
Retailer 1
serverRADIUS
Wholesaler
serverRADIUS
Retailer 2
serverRADIUS
Wholesaler Network Space
g017
501
MX Series
Retailer 1 Network Space
Retailer 2 Network Space
A DHCPv6 Layer 3 wholesale network solution can use various combinations of the
following configuration elements:
• Subscriber network VLAN configuration
• DHCPv6 configuration (local server only)
• RADIUS server access configuration
• Dynamic profile configuration for default (wholesaler) access
• Dynamic profile configuration for retailer access (following subscriber redirection, if
applicable)
• Routing instance configuration for individual retailers
• Group configuration and forwarding options for the network
• Core network configuration
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• DHCPv6 Layer 3Wholesale Network Topology Overview on page 33
Copyright © 2018, Juniper Networks, Inc.32
Broadband Subscriber ManagementWholesale Feature Guide
DHCPv6 Layer 3Wholesale Network Topology Overview
This configuration explains how to configure a simple DHCPv6 Layer 3 wholesale
subscriber access network. This solution incorporates two retailers sharing resources on
a wholesaler router. Figure 4 on page 33 provides the reference topology for this
configuration example.
Figure 4: DHCPv6 Layer 3Wholesale Network Reference Topology
MSAN
GE-2/3/0
Retailer 1 Network Space
MSAN
GE-2/3/0
Retailer 1
serverRADIUS
Wholesaler
serverRADIUS
Retailer 2
serverRADIUS
Retailer 2 Network Space
Retailer 1 Network Elements
Access Network Interface:Loopback (lo0.1) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/02001:db8:2c2c:2c21::1/128Three (unit 2 to 4)GE-2/3/0.2 to GE-2/3/0.410.10.10.110.10.10.1Retailer_Access1
Routing Instance: Retailer_Instance1Dynamic Profile: Subscriber_Profile_Retail1
Access Network Interface:Loopback (lo0.2) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/02001:db8:2c2a:2c21::1/128Three (unit 5 to 7)GE-2/3/0.5 to GE-2/3/0.710.20.20.110.20.20.1Retailer_Access2
Routing Instance: Retailer_Instance2Dynamic Profile: Subscriber_Profile_Retail2 Wholesaler-Specific Network Elements
Access Network Interface:Loopback (lo0.0) Interface Address:
C-VLANs:Logical Interfaces:
RADIUS Authentication Server Address:RADIUS Accounting Server Address:
Access Profile:
GE-2/3/02001:db8:2c28:2c21::1/128One (unit 1)GE-2/3/0.1192.168.1.1192.168.1.1Wholesaler_Access
Routing Instance: Wholesaler_InstanceDynamic Profile: Wholesaler_Profile
MX Series
g017
502
Retailer 2 Network Elements
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
33Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
• Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements on page 9
Configuring Loopback Interfaces for the DHCPv6 Layer 3Wholesale Solution
Youmust configure loopback interfaces for use in the subscriber management access
network. The loopback interfaces are automatically used for unnumbered interfaces.
To configure loopback interfaces:
1. Edit the loopback interface.
[edit]user@host# edit interfaces lo0
2. Edit the unit for the loopback interface that you want to use for the wholesaler.
[edit interfaces lo0]user@host# edit unit 0
3. Edit the loopback interface family that belongs to the wholesaler.
[edit interfaces lo0 unit 0]user@host# edit family inet6
4. Specify the wholesale loopback interface address.
[edit interfaces lo0 unit 0]user@host# set address 2001:db8:2c28:2c21::1/128
5. Edit the unit for a retail loopback interface.
[edit interfaces lo0]user@host# edit unit 1
6. Edit the retail loopback interface family.
[edit interfaces lo0 unit 1]user@host# edit family inet6
7. Specify the retail loopback interface address.
[edit interfaces lo0 unit 1]user@host# set address 2001:db8:2c2c:2c21::1/128
8. Repeat steps 5 through 7 for additional retailers, making sure to use unique unit and
address values for each retailer loopback interface.
Configuring VLANs for the DHCPv6 Layer 3Wholesale Network Solution
You can configure either static or dynamic customer VLANs for use in the DHCPv6
wholesale network solution.
• Configuring Static Customer VLANs for the DHCPv6 Layer 3Wholesale Network
Solution on page 35
• Configuring Dynamic Customer VLANs for the DHCPv6 Layer 3Wholesale Network
Solution on page 35
Copyright © 2018, Juniper Networks, Inc.34
Broadband Subscriber ManagementWholesale Feature Guide
Configuring Static Customer VLANs for the DHCPv6 Layer 3Wholesale Network Solution
In this example configuration, the access interface (ge-2/3/0) connects to a device (that
is, a DSLAM) on the access side of the network. You can define static VLANs for use by
access network subscribers.
To configure the static VLANs:
1. Edit the access side interface.
[edit]user@host# edit interfaces ge-2/3/0
2. Specify the use of stacked VLAN tagging.
[edit interfaces ge-2/3/0]user@host# set stacked-vlan-tagging
3. Edit the interface unit for the first VLAN.
[edit interfaces ge-2/3/0]user@host# edit unit 1
4. Define the VLAN tags for the first VLAN.
[edit interfaces ge-2/3/0 unit 1]user@host# set vlan-tags outer 3 inner 1
5. Specify that you want to create IPv6 demux interfaces.
[edit interfaces ge-2/3/0 unit 1]user@host# set demux-source inet6
6. Edit the family for the first VLAN.
[edit interfaces ge-2/3/0 unit 1]user@host# edit family inet6
7. (Optional) Define the unnumbered address and the preferred source address for the
first VLAN.
[edit interfaces ge-2/3/0 unit 1 family inet6]user@host# set unnumbered-address lo0.1 preferred-source-address2001:db8:2c28:2c21::1/128
8. Repeat steps 2 through 7 for additional VLAN interface units.
Configuring Dynamic Customer VLANs for the DHCPv6 Layer 3Wholesale Network Solution
To configure dynamic VLANs for the solution:
1. Configure a dynamic profile for dynamic VLAN creation.
a. Name the profile.
[edit]user@host# edit dynamic-profiles VLAN-PROF
35Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
b. Define the interfaces statementwith the internal$junos-interface-ifd-namevariable
used by the router to match the interface name of the receiving interface.
[edit dynamic-profiles VLAN-PROF]user@host# edit interfaces $junos-interface-ifd-name
c. Define the unit statement with the predefined $junos-interface-unit variable:
[edit dynamic-profiles VLAN-PROF interfaces “$junos-interface-ifd-name”]user@host# edit unit $junos-interface-unit
d. Specify that you want to create IPv6 demux interfaces.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set demux-source inet6
e. Specify the VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags outer $junos-stacked-vlan-id
The variable is dynamically replacedwith an outer VLAN IDwithin the VLAN range
specified at the [interfaces] hierarchy level.
f. Specify the inner VLAN ID variable.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# set vlan-tags inner $junos-vlan-id
The variable is dynamically replaced with an inner VLAN ID within the VLAN range
specified at the [interfaces] hierarchy level.
g. Access the family type.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit"]
user@host# edit family inet6
h. (Optional) Specify the unnumbered address and preferred source address.
[edit dynamic-profiles VLAN-PROF interfaces "$junos-interface-ifd-name" unit"$junos-interface-unit" family inet6]
user@host# set unnumbered-address lo.0 preferred-source-address2001:db8:2c28:2c21::1/128
2. Associate thedynamicprofilewith the interfaceonwhichyouwant theVLANscreated.
a. Access the interface that you want to use for creating VLANs.
[edit interfaces]user@host# edit interfaces ge-2/3/0
Copyright © 2018, Juniper Networks, Inc.36
Broadband Subscriber ManagementWholesale Feature Guide
b. Specify the use of stacked VLAN tagging.
[edit interfaces ge-2/3/0]user@host# set stacked-vlan-tagging
c. Specify that you want to automatically configure VLAN interfaces.
[edit interfaces ge-2/3/0]user@host# edit auto-configure
d. Specify that you want to configure stacked VLANs.
[edit interfaces ge-2/3/0 auto-configure]user@host# edit stacked-vlan-ranges
e. Specify the dynamic VLAN profile that you want the interface to use.
[edit interfaces ge-2/3/0 auto-configure stacked-vlan-ranges]user@host# set dynamic-profile VLAN-PROF
f. Repeat steps a through e for any other interfaces that you want to use for creating
VLANs.
3. Specify the Ethernet packet type that the VLAN dynamic profile can accept.
[edit interfaces ge-2/3/0 auto-configure stacked-vlan-ranges dynamic-profileVLAN-PROF]
user@host# set accept inet6
4. Define VLAN ranges for use by the dynamic profile when dynamically creating VLAN
IDs. For this solution, specify the outer and inner stacked VLAN ranges that you want
the dynamic profile to use. The following example specifies an outer stacked VLAN
ID range of 3–3 (enabling only the outer range of 3) and an inner stacked VLAN ID
range of 1–3 (enabling a range from 1 through 3 for the inner stacked VLAN ID).
[edit interfaces ge-0/0/0 auto-configure stacked-vlan-ranges dynamic-profileVLAN-PROF]
user@host# set stacked-vlan-ranges 3–3,1–3
Configuring Access Components for the DHCP Layer 3Wholesale Network Solution
Whenconfiguringawholesalenetwork, youmust configure several components globally.
This configuration provides access to RADIUS servers that you want the wholesaler and
any configured retailers to use globally. The access configuration includes the following
general steps:
• Configuring RADIUS Server Access on page 38
• Configuring a DHCPWholesaler Access Profile on page 38
• Configuring DHCP Retailer Access Profiles on page 39
37Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
Configuring RADIUS Server Access
You can globally define any RADIUS servers in your network that either the wholesale
access profile or retailer access profile can use. After you define the global RADIUS
servers, you can specify specific RADIUS servers within individual access profiles.
To define RADIUS servers for profile access:
1. Access the [edit access radius-server] hierarchy level.
[edit ]user@host# edit access radius-server
2. Specify the address and secret for any RADIUS servers in the network.
[edit access radius-server]user@host# set 192.168.10.1 secret $ABC123$ABC123$ABC123user@host# set 10.10.10.1 secret $ABC123$ABC123
See Also Configuring Router or Switch Interaction with RADIUS Servers•
Configuring a DHCPWholesaler Access Profile
Youmust define the network and interface over which you want subscribers to initially
access the network with a wholesale access profile. When a subscriber attempts to
access the network, the access profile provides initial access information including
authentication and accounting values that the router uses for the accessing subscriber.
To define a wholesale access profile:
1. Create the wholesale access profile.
[edit]user@host# edit access-profileWholesaler_Access
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profileWholesaler1]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profileWholesaler1]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profileWholesaler1 radius]user@host# set authentication-server 192.168.10.1
5. Specify the IP address of the RADIUS server used for accounting.
Copyright © 2018, Juniper Networks, Inc.38
Broadband Subscriber ManagementWholesale Feature Guide
[edit access profileWholesaler1 radius]user@host# set accounting-server 192.168.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
See Also Configuring Authentication and Accounting Parameters for Subscriber Access•
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring RADIUS Server Parameters for Subscriber Access
• Configuring Per-Subscriber Session Accounting
Configuring DHCP Retailer Access Profiles
In this solution, subscribers are redirected toanetworking spaceusedbya specific retailer
anddefinedbyaunique routing instance.Thismethod requires that youdefine thenetwork
and interfaceoverwhichyouwantsubscribers toaccess thenetworkafterbeing redirected
by the wholesale access profile.
To define a retailer access profile:
1. Create the retailer access profile.
[edit]user@host# edit access-profile Retailer_Access1
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile Retailer1]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profile Retailer1]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile Retailer1 radius]user@host# set authentication-server 10.10.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profile Retailer1 radius]user@host# set accounting-server 10.10.10.1
39Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
See Also Configuring Authentication and Accounting Parameters for Subscriber Access•
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring RADIUS Server Parameters for Subscriber Access
• Configuring Per-Subscriber Session Accounting
Configuring Dynamic Profiles for the DHCPv6 Layer 3Wholesale Network Solution
A dynamic profile is a set of characteristics, defined in a type of template, that you can
use to provide services for broadband applications. These services are assigned
dynamically to interfaces as they access the network.When configuring dynamic profiles
for the DHCPv6 Layer 3 wholesale network, you can choose to configure one dynamic
profile toaddressall incomingsubscribersor youcanconfigure individual dynamicprofiles
for use by the different network management groups (that is, the wholesaler and any
retailers). In fact, you can create multiple dynamic profiles that you can use to roll out
different services and selectively apply those dynamic profiles to different subscriber
groups as necessary.
In this solution example, one dynamic profile is created for use by the wholesaler when
subscribers initially access the network. Other dynamic profiles are created for the
subscribers for each individual retailer to use after they are redirected to that retailer
network space.
• Configuring aWholesale Dynamic Profile for use in the DHCPv6 Solution on page 40
• Configuring a Dynamic Profile for use by Each Retailer in the DHCPv6
Solution on page 41
Configuring aWholesale Dynamic Profile for use in the DHCPv6 Solution
You can configure a basic access profile to initially manage subscribers that access the
network.
To configure a dynamic profile for use by the wholesaler:
1. Create a wholesale dynamic profile.
[edit]user@host# edit dynamic-profilesWholesaler_Profile
2. Specify that you want to configure the demux0 interface in the dynamic profile.
[edit dynamic-profilesWholesaler_Profile]
Copyright © 2018, Juniper Networks, Inc.40
Broadband Subscriber ManagementWholesale Feature Guide
user@host# edit interfaces demux0
3. Configure the unit for the demux0 interface.
a. Configure the variable for the unit number of the demux0 interface.
The variable is dynamically replaced with the unit number that DHCP supplies
when the subscriber logs in.
[edit dynamic-profilesWholesaler_Profile demux0]user@host# edit unit $junos-interface-unit
b. Configure the variable for the underlying interface of the demux interfaces and
specify the $junos-underlying-interface variable.
The variable is dynamically replaced with the underlying interface that DHCP
supplies when the subscriber logs in.
[edit dynamic-profilesWholesaler_Profile interfaces demux0 unit“$junos-interface-unit”]
user@host# set demux-options underlying-interface $junos-underlying-interface
4. Configure the family for the demux interfaces.
a. Specify that you want to configure the family.
[edit dynamic-profilesWholesaler_Profile interfaces demux0 unit“$junos-interface-unit”]
user@host# edit family inet6
b. Configure the unnumbered address for the family.
[edit dynamic-profilesWholesaler_Profile demux0 unit “$junos-interface-unit”family inet6]
user@host# set unnumbered-address lo0.0
c. Configure the variable for the IPv6 address of the demux interface.
The variable is dynamically replaced with the IPv6 address that DHCP supplies
when the subscriber logs in.
[edit dynamic-profilesWholesaler_Profile interfaces demu0 unit“$junos-interface-unit”]
user@host# set demux-source $junos-subscriber-ipv6-address
Configuring a Dynamic Profile for use by Each Retailer in the DHCPv6 Solution
To configure a dynamic profile for use with retailer access:
1. Create a retail dynamic profile.
[edit]user@host# edit dynamic-profiles Subscriber_Profile_Retail1
41Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
2. Define the dynamic routing instance variable in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit routing-instances $junos-routing-instance
3. Set the dynamic interface variable for the dynamic routing instance.
[edit dynamic-profiles Subscriber_Profile_Retail1 routing-instances“$junos-routing-instance”]
user@host# set interface $junos-interface-name
4. Specify that you want to configure the demux0 interface in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit interfaces demux0
5. Configure the unit for the demux0 interface.
a. Configure the variable for the unit number of the demux0 interface.
The variable is dynamically replaced with the unit number that DHCP supplies
when the subscriber logs in.
[edit dynamic-profiles Subscriber_Profile_Retail1 demux0]user@host# edit unit $junos-interface-unit
b. Configure the variable for the underlying interface of the demux interfaces and
specify the $junos-underlying-interface variable.
The variable is dynamically replaced with the underlying interface that DHCP
supplies when the subscriber logs in.
[edit dynamic-profiles Subscriber_Profile_Retail1 interfaces demux0 unit“$junos-interface-unit”]
user@host# set demux-options underlying-interface $junos-underlying-interface
6. Configure the family for the demux interfaces.
a. Specify that you want to configure the family.
[edit dynamic-profiles Subscriber_Profile_Retail1 interfaces demux0 unit“$junos-interface-unit”]
user@host# edit family inet6
b. Configure the unnumbered address and preferred source address for the family.
[editdynamic-profilesSubscriber_Profile_Retail1demux0unit “$junos-interface-unit”family inet6]
user@host# set unnumbered-address $junos-loopback-interfacepreferred-source-address $junos-preferred-source-address
c. Configure the variable that identifies the demux interface on the logical interface.
The variable is dynamically replaced with the IPv6 address that DHCP supplies
when the subscriber logs in.
Copyright © 2018, Juniper Networks, Inc.42
Broadband Subscriber ManagementWholesale Feature Guide
[editdynamic-profilesbusiness-profile interfacesdemu0unit “$junos-interface-unit”]user@host# set demux-source $junos-subscriber-ipv6-address
Configuring Separate Routing Instances for DHCPv6 Service Retailers
As the owner of the system, the wholesaler typically uses the default routing instance.
Youmust create separate routing instances for each individual retailer to keep routing
information for individual retailers separate and to define any servers and forwarding
options specific to each retailer.
To define a retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances Retailer_Instance1
2. Specify the routing instance type for the retailer.
[edit routing-instances “Retailer_Instance1”]user@host# set instance-type vrf
3. Specify the access profile that you want the routing instance to use.
[edit routing-instances “Retailer_Instance1”]user@host# set access-profile Retailer_Access1
4. Specify the interface that faces the Retailer1 RADIUS server.
[edit routing-instances “Retailer_Instance1”]user@host# set interface ge-11/1/9.10
5. Specify the loopback interface unit for this routing instance.
[edit routing-instances “RetailerInstance1”]user@host# set interface lo0.1
NOTE: Loopback interfacesmust be unique for each routing instance.
6. Repeat this procedure for other retailers.
RelatedDocumentation
Configuring Address Server Elements for the DHCPv6 Layer 3Wholesale Solution
• Configuring a DHCPv6 Address Assignment Pool on page 44
• Configuring Extended DHCPv6 Local Server on page 45
43Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
Configuring a DHCPv6 Address Assignment Pool
Address assignment pools enable you to specify groups of IPv6 addresses that different
client applications can share. In this configuration, the extended DHCPv6 local server
configurationuses theaddresspool toprovideaddresses tosubscribers thatareaccessing
thenetwork.Youmust create separateaddressassignmentpools for each retailer routing
instance.
You can create address assignment pools that provide full 128 bit IPv6 addresses or
pools that provide prefixes of a specified length.
To configure an address assignment pool that provides full 128 -bit IPv6 addresses:
1. Create and name an address assignment pool.
[edit]user@host# edit access address-assignment pool AddressPool_1
2. Edit the address pool family.
[edit access address-assignment pool AddressPool_1]user@host# edit family inet6
3. Define the IPv6 network prefix.
[edit access address-pool AddressPool_1 family inet6]user@host# set prefix 2001:db8:2121::0/64
4. Define a named address range for the pool of IPv6 addresses.
[edit access address-assignment pool AddressPool_1 family inet6]user@host# set range Range1 low 2001:db8:2121::a/128user@host# set range Range1 high 2001:db8:2121::7ffe/128
5. (Optional) Edit the family DHCP attributes.
[edit access address-assignment pool AddressPool_1 family inet6]user@host# edit dhcp-attributes
6. (Optional) Set the maximum lease time.
[edit access address-assignment pool AddressPool_1 family inet dhcp-attributes]user@host# setmaximum-lease-time 3600
7. (Optional) Set the grace period.
[edit access address-assignment pool AddressPool_1 family inet dhcp-attributes]user@host# set grace-period 60
To configure an address assignment pool that provides shorter, 74-bit IPv6 prefixes:
1. Create and name an address assignment pool.
Copyright © 2018, Juniper Networks, Inc.44
Broadband Subscriber ManagementWholesale Feature Guide
[edit]user@host# edit access address-assignment pool AddressPool_2
2. Edit the address pool family.
[edit access address-assignment pool AddressPool_2]user@host# edit family inet6
3. Define the IPv6 network prefix.
[edit access address-pool AddressPool_2 family inet6]user@host# set prefix 2001:db8:2222::0/64
4. Define a named address range limit for the pool of IPv6 addresses.
[edit access address-assignment pool AddressPool_2 family inet6]user@host# set range BitLimit prefix-length 74
5. (Optional) Edit the family DHCP attributes.
[edit access address-assignment pool AddressPool_2 family inet6]user@host# edit dhcp-attributes
6. (Optional) Set the maximum lease time.
[edit access address-assignment pool AddressPool_2 family inet dhcp-attributes]user@host# setmaximum-lease-time 3600
7. (Optional) Set the grace period.
[edit access address-assignment pool AddressPool_2 family inet dhcp-attributes]user@host# set grace-period 60
Configuring Extended DHCPv6 Local Server
You can enable the MX Series router to function as an extended DHCPv6 local server.
The extended DHCPv6 local server provides IPv6 addresses and other configuration
information to a subscriber logging into the network. Youmust configure extended
DHCPv6 local server for the wholesaler (default) routing instance and also for each
retailer routing instance.
To configure the DHCPv6 local server:
1. Edit the routing system services.
[edit]user@host# edit system services
2. Edit the DHCPv6 local server.
[edit system services]user@host# edit dhcp-local-server
3. Define the DHCP pool match order.
45Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
[edit system services dhcp-local-server]user@host# set pool-match-order ip-address-first
4. Set the authentication password.
[edit system services dhcp-local-server]user@host# set authentication password $ABC123
5. (Optional) Edit the values you want included with the username.
[edit system services dhcp-local-server]user@host# edit authentication username-include
6. (Optional) Set the values you want included with the username.
[edit system services dhcp-local-server username-include]user@host# set domain-name example.comuser@host# set user-prefix user-defined-prefix
7. Access the DHCPv6-specific service configuration.
[edit system services dhcp-local-server]user@host# edit dhcpv6
8. Create and name a DHCPv6 local server group.
[edit system services dhcp-local-server dhcpv6]user@host# edit group dhcp-ls-group
9. Specify a dynamic profile that you want the DHCPv6 local server group to use.
[edit system services dhcp-local-server dhcpv6 group dhcp-ls-group]user@host# set dynamic-profileWholesaler_Profile
10. Assign interfaces to the group.
[edit system services dhcp-local-server dhcpv6 group dhcp-ls-group]user@host# set interface ge-1/3/0.1 upto ge-1/3/0.5
11. Edit the DHCPv6 local server trace options.
[edit system processes dhcp-service]user@host# edit traceoptions
12. Specify a log file into which you want trace option information to be saved.
[edit system processes dhcp-service traceoptions]user@host# set file dhcp-server-msgs.log
13. Specify the DHCPv6 local server message operations that you want saved in the log
file.
[edit system processes dhcp-service traceoptions]user@host# set flag all
RelatedDocumentation
Address-Assignment Pools Overview•
• DHCPv6 Local Server Overview
Copyright © 2018, Juniper Networks, Inc.46
Broadband Subscriber ManagementWholesale Feature Guide
Example: Retailer Dynamic Profile for a DHCPv6Wholesale Network
dynamic-profiles {Subscriber_Profile_Retailer1 {routing-instances {"$junos-routing-instance" {interface "$junos-interface-name";
}}interfaces {demux0 {unit "$junos-interface-unit" {demux-options {underlying-interface "$junos-underlying-interface";
}family inet6 {demux-source {"$junos-subscriber-ip-address";
}unnumbered-address "$junos-loopback-interface"preferred-source-address"$junos-preferred-source-address";
}}
}}
}
RelatedDocumentation
Configuring Dynamic Profiles for the DHCPv6 Layer 3Wholesale Network Solution on
page 40
•
Example: Retailer Routing Instances for a DHCPv6Wholesale Network
routing-instances {Retailer_Instance1 {instance-type vrf;access-profile Retailer_Access1;interface ge-11/1/9.10;interface lo0.1;route-distinguisher 1:1;
}Retailer_Instance2 {instance-type vrf;access-profile Retailer_Access2;interface ge-7/1/9.10;interface lo0.2;
}}
RelatedDocumentation
Configuring Separate Routing Instances for DHCPv6 Service Retailers on page 43•
47Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
Example:DHCPv6AddressAssignmentPoolThatProvidesFull 128-bit IPV6Addressesfor a DHCPv6Wholesale Network
access {address-assignment {pool AddressPool_1 {family inet6 {prefix 2001:db8:2121::0/64;range Range1 {low 2001:db8:2121::a/128;high 2001:db8:2121::7ffe/128;
}dhcp-attributes {maximum-lease-time 3600;grace-period 60;
}}
}}
}
RelatedDocumentation
DHCPv6 Address Assignment Pool That Provides Full 128-bit IPV6 Addresses for a
DHCPv6Wholesale Network
•
Example: DHCPv6 Address Assignment Pool That Provides 74-bit IPV6 Prefixes for aDHCPv6Wholesale Network
access {address-assignment {pool AddressPool_2 {family inet6 {prefix 2001:db8:2222::0/64;range BitLimit prefix-length 74;dhcp-attributes {maximum-lease-time 3600;grace-period 60;
}}}}
}}
}
RelatedDocumentation
Configuring Address Server Elements for the DHCPv6 Layer 3Wholesale Solution on
page 43
•
Example: Extended DHCPv6 Local Server for a DHCPv6Wholesale Network
system {
Copyright © 2018, Juniper Networks, Inc.48
Broadband Subscriber ManagementWholesale Feature Guide
services {dhcp-local-server {traceoptions {file dhcp-server-msgs.log;flag all;
}dhcpv6 {group dhcp-ls-group {dynamic-profileWholesaler_Profile;interface ge-1/3/0.1 {upto ge-1/3/0.5;
}}
}pool-match-order {ip-address-first;
}authentication {password $ABC123;username-include {domain-name example.com;user-prefix user-defined-prefix;
}}
}}
}
RelatedDocumentation
• Configuring Address Server Elements for the DHCPv6 Layer 3Wholesale Solution on
page 43
49Copyright © 2018, Juniper Networks, Inc.
Chapter 3: Configuring DHCPv6 Layer 3Wholesale Networks
Copyright © 2018, Juniper Networks, Inc.50
Broadband Subscriber ManagementWholesale Feature Guide
PART 2
Configuring PPPoE Layer 3WholesaleNetworks
• Subscriber Management PPPoEWholesale Overview on page 53
• Configuring PPPoE Layer 3Wholesale Networks on page 57
51Copyright © 2018, Juniper Networks, Inc.
Copyright © 2018, Juniper Networks, Inc.52
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 4
Subscriber Management PPPoEWholesale Overview
• Layer 2 and Layer 3Wholesale Overview on page 53
• PPPoE Layer 3Wholesale Configuration Interface Support on page 54
• Subscriber to Logical System and Routing Instance Relationship on page 54
• RADIUS VSAs and Broadband Subscriber ManagementWholesale Configuration
Overview on page 55
Layer 2 and Layer 3Wholesale Overview
In general, wholesaling broadband services allows service providers to resell broadband
services and allows other providers to deploy their own services over the incumbent
network. There are different methods to partitioning an access network for resale. The
twomost common approaches are based on either Layer 2 or Layer 3 information.
Wholesale access is the process by which the access network provider (thewholesaler)
partitions the access network into separately manageable and accountable subscriber
segments for resale to other network providers (or retailers).
In a Layer 3 wholesale configuration, you partition the wholesaler access network at the
network layer or the subscriber IP component by associating the IP component with a
distinct Layer 3 domain. In a Layer 2 wholesale configuration, you partition the access
network at the subscriber circuit or customer VLAN (C-VLAN) by backhauling the
connection through the service provider backbone network to the subscribing retailer
network where the access traffic can bemanaged at higher layers.
In a Junos OS Dynamic Host Configuration Protocol (DHCP) or Point-to-Point Protocol
over Ethernet (PPPoE) subscriber access configuration, wholesale partitioning is
accomplished through the use of logical systems and routing instanceswithin the router.
Logical systems offer a stricter partitioning of routing resources than routing instances.
The purpose behind the use of logical systems is to distinctly partition the physical router
into separate administrative domains. This partitioning enables multiple providers to
administer the router simultaneously,witheachproviderhavingaccessonly to theportions
of the configuration relevant to their logical system. Junos OS supports up to 15 named
logical systems in addition to thedefault logical system(that is, inet.0). Unless otherwise
specified in configuration, all interfaces belong to the default logical system.
53Copyright © 2018, Juniper Networks, Inc.
NOTE: This Junos OS release supports the use of only the default logicalsystem. Partitioning currently occurs through the use of separate routinginstances.
A logical system can have one or more routing instances. Typically used in Layer 3 VPN
scenarios, a routing instance does not have the same level of administrative separation
asa logical systembecause it doesnotoffer administrative isolation.However, the routing
instance defines a distinct routing table, set of routing policies, and set of interfaces.
RelatedDocumentation
Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements on page 9
•
• Broadband Subscriber Management PPPoE Layer 3Wholesale Topology and
Configuration Elements on page 57
• Broadband Subscriber Management Layer 2Wholesale Topology and Configuration
Elements on page 75
PPPoE Layer 3Wholesale Configuration Interface Support
PPPoE Layer 3 wholesale requires the use of PPP interfaces. This means that youmust
specify the PP0 interface when configuring Layer 3 wholesaling in a PPPoE network.
For general additional information about configuring PPPoE interfaces, see the Junos OS
Network Interfaces Library for Routing Devices.
RelatedDocumentation
Junos OS Network Interfaces Library for Routing Devices•
• Configuring a PPPoE Dynamic Profile.
• Configuring Dynamic PPPoE Subscriber Interfaces.
Subscriber to Logical System and Routing Instance Relationship
As subscriber sessions are established, subscriber to logical system/routing instance
memberships are established by the AAA framework configured for the default logical
system.WhenconfiguringLayer3wholesaling, you typically configureglobal (wholesale)
information within the default (master) logical system and default routing instance.
Incomingsubscribersmust thenbeauthenticated, but this authenticationcanbehandled
in one of two ways:
• Single (wholesaler only) authentication—Incoming subscribers are authenticated by
thewholesalerRADIUSserver. After authentication, the subscribersareassignedvalues
specified by dynamic profiles (routing instances, interfaces, and any configuration
values) specific to a particular retailer.
• Dual (wholesaler and retailer) authentication—Sometimes referred to as double-dip
authentication. Incoming subscribers are initially authenticated by RADIUS using the
wholesale configuration. Authenticated subscribers are then redirected toother routing
Copyright © 2018, Juniper Networks, Inc.54
Broadband Subscriber ManagementWholesale Feature Guide
instances associated with individual retailer network space. When you redirect
subscribers, and those subscribers are to be authenticated by AAA servers owned by
individual retailers, the subscribers must be authenticated again by the AAA servers
before they are provided an address and any dynamic profile values are assigned. After
reauthentication, however, the subscribers are managed normally using any values
specific to the retailer routing instance to which they are assigned.
RelatedDocumentation
See Routing Instances Overview in the Junos OS Routing Protocols Library.•
RADIUS VSAs and Broadband Subscriber ManagementWholesale ConfigurationOverview
You canuseRADIUS to assign various values through the use of dynamic variableswithin
dynamic profiles. However, the configuration of at least one of the two VSAs described
in Table 3 on page 6 is required for a wholesale network to function.
Table 4: Required Juniper Networks VSAs for the Broadband SubscriberManagementWholesale Network Solution
ValueDescriptionAttribute NameAttribute Number
string: logicalsystem:routinginstance
Client logicalsystem/routinginstancemembershipname. Allowed onlyfrom RADIUS serverfor “default” logicalsystem/routinginstancemembership.
LSRI-Name26-1
string: logicalsystem:routinginstance
Client logicalsystem/routinginstancemembershipname indicating towhich logicalsystem/routinginstancemembershipthe request isredirected for userauthentication.
Redirect-LSRI-Name26-25
Specifying the $junos-routing-instance dynamic variable in a dynamic profile triggers a
RADIUSaccess-accept responseofeither theLSRI-NameVSAor theRedirect-LSRI-Name
VSA. Returning an LSRI-Name attribute in the access-accept response provides the
logical system and routing instance in which the logical interface is to be created and
the router updates the session database with the specified routing instance value.
Returning a Redirect-LSRI-Name attribute in the access-accept response results in the
router immediately sending a second access-request message (sometimes referred to
as a double-dip) to the RADIUS server specified by the logical system:routing instance
attribute specified by the Redirect-LSRI-Name VSA.
55Copyright © 2018, Juniper Networks, Inc.
Chapter 4: Subscriber Management PPPoEWholesale Overview
NOTE: Attributes returned as a result of a second access-request messageto the logical system/routing instancemembership specified by theRedirect-LSRI-Name VSA override any prior attributes returned by initialaccess-accept responses to the default logical system/routing instancemembership.
RelatedDocumentation
• Juniper Networks VSAs Supported by the AAA Service Framework on page 143.
Copyright © 2018, Juniper Networks, Inc.56
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 5
Configuring PPPoE Layer 3WholesaleNetworks
• Broadband Subscriber Management PPPoE Layer 3Wholesale Topology and
Configuration Elements on page 57
• PPPoE Layer 3Wholesale Network Topology Overview on page 59
• Configuring Loopback Interfaces for thePPPoELayer 3Wholesale Solution onpage59
• Configuring Static Customer VLANs for the PPPoE Layer 3Wholesale Network
Solution on page 61
• ConfiguringAccessComponents for thePPPoEWholesaleNetworkSolutiononpage61
• Configuring Dynamic Profiles for the PPPoE Layer 3Wholesale Network
Solution on page 64
• Configuring Separate Routing Instances for PPPoE Service Retailers on page 66
• Example: Wholesaler Dynamic Profile for a PPPoEWholesale Network on page 67
• Example: Retailer Routing Instances for a PPPoEWholesale Network on page 68
Broadband Subscriber Management PPPoE Layer 3Wholesale Topology andConfiguration Elements
Thenetwork topology for the subscribermanagementPPPoELayer 3wholesale solution
includes configuring separate routing instances for individual retailers that use a portion
of the router.
To explain the concept, but to limit complexity, this solution provides a configuration
with onewholesaler and only two retailers. Figure 5 on page 58 illustrates a basic PPPoE
Layer 3 wholesale topology model fromwhich you can expand.
57Copyright © 2018, Juniper Networks, Inc.
Figure5:BasicSubscriberManagementPPPoELayer3WholesaleSolutionTopology
MSAN
Retailer 1 Network Space
MSAN Retailer 2 Network Space
MX Series Wholesaler Network Space
Retailer 1RADIUSserver
WholesalerRADIUSserver
Retailer 2RADIUSserver
g017
456
When you are configuring a PPPoE Layer 3 wholesale network solution, the following
configuration elements are required:
• Subscriber network VLAN configuration
• Addressing server or addressing server access configuration
• RADIUS server access configuration
• Dynamic profile configuration for default (wholesaler) access
• Routing instance configuration for individual retailers
• Group configuration and forwarding options for the network
• Core network configuration
This implementation of PPPoE Layer 3 wholesale supports the following:
• Dynamic PPPoE interface creation.
• Static VLAN use only.
• AAA server assignment of subscribers to different routing instances within the same
(default) logical system only.
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• PPPoE Layer 3Wholesale Network Topology Overview on page 59
Copyright © 2018, Juniper Networks, Inc.58
Broadband Subscriber ManagementWholesale Feature Guide
PPPoE Layer 3Wholesale Network Topology Overview
This configurationexplainshowtoconfigurea simplePPPoELayer 3wholesale subscriber
accessnetwork. This solution incorporates two retailers sharing resourcesonawholesaler
router. Figure6onpage59provides the reference topology for this configurationexample.
Figure 6: PPPoE Layer 3Wholesale Network Reference Topology
MSAN
GE-9/3/0
Retailer 1 Network Space
MSAN
GE-9/3/0
Retailer 1RADIUSserver
Retailer 2 Network Space
Retailer 1 Network ElementsAccess Network Interface:
Loopback (lo0.5) Interface Address:C-VLANs:
Logical Interfaces:RADIUS Authentication Server Address:
RADIUS Accounting Server Address:Access Profile:
GE-9/3/0127.33.0.1/32Three (unit 8 to 10)GE-9/3/0.8 to GE-9/3/0.1110.10.10.110.10.10.1PPPoE_Retailer_Access1
Routing Instance: PPPoE_Retailer_Instance1
Retailer 2 Network ElementsAccess Network Interface:
Loopback (lo0.6) Interface Address:C-VLANs:
Logical Interfaces:RADIUS Authentication Server Address:
RADIUS Accounting Server Address:Access Profile:
GE-9/3/0127.32.0.1/32Three (unit 11 to 13)GE-9/3/0.11 to GE-9/3/0.1310.20.20.110.20.20.1PPPoE_Retailer_Access2
Routing Instance: PPPoE_Retailer_Instance2
Wholesaler-Specific Network ElementsAccess Network Interface:
Loopback (lo0.4) Interface Address:C-VLANs:
Logical Interfaces:RADIUS Authentication Server Address:
RADIUS Accounting Server Address:Access Profile:
GE-9/3/0127.30.0.1/32One (unit 14)GE-9/3/0.14192.168.1.1192.168.1.1PPPoE_Wholesaler_Access
Routing Instance: PPPoE_Wholesaler_InstanceDynamic Profile: PPPoE_Wholesaler_Profile
MX SeriesWholesaler
RADIUSserver
Retailer 2RADIUSserver
g017
457
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements on page 9
Configuring Loopback Interfaces for the PPPoE Layer 3Wholesale Solution
Youmust configure loopback interfaces for use in the subscriber management access
network. The loopback interfaces are automatically used for unnumbered interfaces.
59Copyright © 2018, Juniper Networks, Inc.
Chapter 5: Configuring PPPoE Layer 3Wholesale Networks
NOTE: If you do not configure the loopback interface, the routing platformchooses the first interface to come online as the default. If you configuremore than one address on the loopback interface, we recommend that youconfigure one to be the primary address to ensure that it is selected for usewith unnumbered interfaces. By default, the primary address is used as thesource address when packets originate from the interface.
To configure loopback interfaces:
1. Edit the loopback interface.
[edit]user@host# edit interfaces lo0
2. Edit the unit for the wholesale loopback interface.
[edit interfaces lo0]user@host# edit unit 4
3. Edit the wholesale loopback interface family.
[edit interfaces lo0 unit 4]user@host# edit family inet
4. Specify the wholesale loopback interface address.
[edit interfaces lo0 unit 4 family inet]user@host# set address 127.30.0.1/32
5. (Optional) Specify the loopback interface address as the primary loopback interface.
[edit interfaces lo0 unit 4 family inet]user@host# set address 127.30.0.2/32 primary
6. Edit the unit for a retail loopback interface.
[edit interfaces lo0]user@host# edit unit 5
7. Edit the retail loopback interface family.
[edit interfaces lo0 unit 5]user@host# edit family inet
8. Specify the retail loopback interface address.
[edit interfaces lo0 unit 5 family inet]user@host# set address 127.33.0.1/32
9. (Optional) Specify the loopback interface address as the primary loopback interface.
[edit interfaces lo0 unit 5 family inet]user@host# set address 127.33.0.2/32 primary
10. Repeat steps 7 through 10 for additional retailers, making sure to use unique unit and
address values for each retailer loopback interface.
Copyright © 2018, Juniper Networks, Inc.60
Broadband Subscriber ManagementWholesale Feature Guide
RelatedDocumentation
Junos OS Network Interfaces Library for Routing Devices•
ConfiguringStaticCustomerVLANsfor thePPPoELayer3WholesaleNetworkSolution
In this example configuration, the access interface (ge-9/3/0) connects to a device (that
is, a DSLAM) on the access side of the network. You can define static customer VLANs
(C-VLANs) for use by the wholesaler and any access network subscribers.
To configure the customer VLANs:
1. Edit the access side interface.
[edit]user@host# edit interfaces ge-9/3/0
2. Specify the use of flexible VLAN tagging.
[edit interfaces ge-9/3/0]user@host# set flexible-vlan-tagging
3. Edit the interface unit for the wholesaler VLAN.
[edit interfaces ge-9/3/0]user@host# edit unit 14
4. Specify the type of encapsulation that you want the wholesaler VLAN to use.
[edit interfaces ge-9/3/0 unit 14]user@host# set encapsulation ppp-over-ether
5. (Optional) Specify that you want the wholesaler VLAN to use Proxy ARP.
[edit interfaces ge-9/3/0 unit 14]user@host# set proxy-arp
6. Define a unique VLAN ID for the wholesaler VLAN.
[edit interfaces ge-9/3/0 unit 14]user@host# set vlan-id 14
7. Specify the dynamic profile that you want the wholesaler VLAN to use.
[edit interfaces ge-9/3/0 unit 14]user@host#setpppoe-underlying-optionsdynamic-profilePPPoE_Wholesaler_Profile
Configuring Access Components for the PPPoEWholesale Network Solution
Whenconfiguringawholesalenetwork, youmust configure several components globally.
This configuration provides access to RADIUS servers (if used) that you want the
wholesaler andanyconfigured retailers touseglobally. Theaccessconfiguration includes
the following general steps:
• Configuring RADIUS Server Access on page 62
• Configuring a PPPoEWholesaler Access Profile on page 62
• Configuring PPPoE Retailer Access Profiles on page 63
61Copyright © 2018, Juniper Networks, Inc.
Chapter 5: Configuring PPPoE Layer 3Wholesale Networks
Configuring RADIUS Server Access
You can globally define any RADIUS servers in your network that either the wholesale
access profile or retailer access profile can use. After you define the global RADIUS
servers, you can specify specific RADIUS servers within individual access profiles.
To define RADIUS servers for profile access:
1. Access the [edit access radius-server] hierarchy level.
[edit ]user@host# edit access radius-server
2. Specify the address and secret for any RADIUS servers in the network.
[edit access radius-server]user@host# set 192.168.10.1 secret $ABC123$ABC123$ABC123user@host# set 10.10.10.1 secret $ABC123$ABC123
See Also Configuring Router or Switch Interaction with RADIUS Servers•
Configuring a PPPoEWholesaler Access Profile
Youmust define the network and interface over which you want subscribers to initially
access the network with a wholesale access profile. When a subscriber attempts to
access the network, the access profile provides initial access information including
authentication and accounting values that the router uses for the accessing subscriber.
To define a wholesale access profile:
1. Create the wholesale access profile.
[edit]user@host# edit access profile PPPoE_Wholesaler_Access
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile PPPoE_Wholesaler_Access]user@host# set authentication-order radius
3. Specify that you want to configure RADIUS support.
[edit access profile PPPoE_Wholesaler_Access]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile PPPoE_Wholesaler_Access radius]user@host# set authentication-server 192.168.10.1
5. Specify the IP address of the RADIUS server used for accounting.
Copyright © 2018, Juniper Networks, Inc.62
Broadband Subscriber ManagementWholesale Feature Guide
[edit access profile PPPoE_Wholesaler_Access radius]user@host# set accounting-server 192.168.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
See Also Configuring Authentication and Accounting Parameters for Subscriber Access•
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring RADIUS Server Parameters for Subscriber Access
• Configuring Per-Subscriber Session Accounting
Configuring PPPoE Retailer Access Profiles
In this solution, subscribers are redirected toanetworking spaceusedbya specific retailer
anddefinedbyaunique routing instance.Thismethod requires that youdefine thenetwork
and interfaceoverwhichyouwantsubscribers toaccess thenetworkafterbeing redirected
by the wholesale access profile.
To define a retailer access profile:
1. Create the retailer access profile.
[edit]user@host# edit access profile PPPoE_Retailer_Access1
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile PPPoE_Retailer_Access1]user@host# set authentication-order radius
3. Specify that you want to configure RADIUS support.
[edit access profile PPPoE_Retailer_Access1]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile PPPoE_Retailer_Access1 radius]user@host# set authentication-server 10.10.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profile PPPoE_Retailer_Access1 radius]user@host# set accounting-server 10.10.10.1
63Copyright © 2018, Juniper Networks, Inc.
Chapter 5: Configuring PPPoE Layer 3Wholesale Networks
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
See Also Configuring Authentication and Accounting Parameters for Subscriber Access•
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring RADIUS Server Parameters for Subscriber Access
• Configuring Per-Subscriber Session Accounting
Configuring Dynamic Profiles for the PPPoE Layer 3Wholesale Network Solution
A dynamic profile is a set of characteristics, defined in a type of template, that you can
use to provide services for broadband applications. These services are assigned
dynamically to interfaces as they access the network.When configuring dynamic profiles
for the PPPoE Layer 3 wholesale network, you can choose to configure one dynamic
profile toaddressall incomingsubscribersor youcanconfigure individual dynamicprofiles
for use by the different network management groups (that is, the wholesaler and any
retailers). In fact, you can create multiple dynamic profiles that you can use to roll out
different services and selectively apply those dynamic profiles to different subscriber
groups as necessary.
In this solution example, one dynamic profile is created for use by the wholesaler when
subscribers initially access the network. Subscribers are assigned by the wholesaler
RADIUS server to a particular retailer routing instance and can then be redirected to that
retailer network space.
• Configuring aWholesale Dynamic Profile for use in the PPPoE Solution on page 64
Configuring aWholesale Dynamic Profile for use in the PPPoE Solution
You can configure a basic access profile to initially manage PPPoE subscribers that
access the network.
To configure a dynamic profile for use by the wholesaler:
1. Create a wholesale dynamic profile.
[edit]user@host# edit dynamic-profiles PPPoE_Wholesaler_Profile
2. Define the dynamic routing instance variable in the dynamic profile.
[edit dynamic-profiles PPPoE_Wholesaler_Profile]user@host# edit routing-instances $junos-routing-instance
Copyright © 2018, Juniper Networks, Inc.64
Broadband Subscriber ManagementWholesale Feature Guide
3. Set the dynamic interface variable for the dynamic routing instance.
[edit dynamic-profiles PPPoE_Wholesaler_Profile routing-instances“$junos-routing-instance”]
user@host# set interface $junos-interface-name
4. Specify that you want to configure the pp0 interface in the dynamic profile.
[edit dynamic-profiles PPPoE_Wholesaler_Profile]user@host# edit interfaces pp0
5. Configure the unit for the pp0 interface.
a. Configure the variable for the unit number of the pp0 interface.
The variable is dynamically replaced with the unit number that RADIUS supplies
when the subscriber logs in.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0]user@host# edit unit $junos-interface-unit
b. Configure PAP or CHAP (or both) to function on the interface.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set ppp-options chap pap
c. Configure the variable for the underlying interface of the pp0 interfaces.
The variable is dynamically replaced with the underlying interface that RADIUS
supplies when the subscriber logs in.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set pppoe-options underlying-interface $junos-underlying-interface
d. Configure the router to act as a PPPoE server.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set pppoe-options server
6. (Optional) Modify the PPPoE keepalive interval.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# set keepalives interval 15
7. Configure the family for the pp0 interface.
a. Specify that you want to configure the family.
65Copyright © 2018, Juniper Networks, Inc.
Chapter 5: Configuring PPPoE Layer 3Wholesale Networks
NOTE: You can specify inet for IPv4 and inet6 for IPv6. However, this
solution provides the IPv4 configuration only.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit”]
user@host# edit family inet
b. Configure the unnumbered address for the family.
[edit dynamic-profiles PPPoE_Wholesaler_Profile interfaces pp0 unit“$junos-interface-unit” family inet]
user@host# set unnumbered-address $junos-loopback-interface
Configuring Separate Routing Instances for PPPoE Service Retailers
As the owner of the system, the wholesaler uses the default routing instance. Youmust
create separate routing instances for each individual retailer to keep routing information
for individual retailers separate and to define any servers and forwarding options specific
to each retailer.
To define a retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances PPPoE_Retailer_Instance1
2. Specify the routing instance type for the retailer.
[edit routing-instances “PPPoE_Retailer_Instance1”]user@host# set instance-type vrf
3. Specify the access profile that you want the routing instance to use.
[edit routing-instances “PPPoE_Retailer_Instance1”]user@host# set access-profile PPPoE_Retailer_Access1
4. Specify the interface that faces the Retailer1 RADIUS server.
[edit routing-instances “PPPoE_Retailer_Instance1”]user@host# set interface ge-11/1/9.10
5. Specify the loopback interface unit for this routing instance.
[edit routing-instances “PPPoE_Retailer_Instance1”]user@host# set interface lo0.5
NOTE: Loopback interfacesmust be unique for each routing instance.
Copyright © 2018, Juniper Networks, Inc.66
Broadband Subscriber ManagementWholesale Feature Guide
6. Specify an identifier to distinguish the VPN to which the route belongs.
[edit routing-instances “PPPoE_Retailer_Instance1”]user@host# set route-distinguisher 1:1
7. Specify how routes are imported into the local PE router’s VPN routing table from the
remote PE router.
[edit routing-instances “PPPoE_Retailer_Instance1”]user@host# set vrf-import policyImport
8. Specify which routes are exported from the local instance table to the remote PE
router.
[edit routing-instances “PPPoE_Retailer_Instance1”]user@host# set vrf-export policyExport
9. Repeat this procedure for other retailers.
RelatedDocumentation
Example:Wholesaler Dynamic Profile for a PPPoEWholesale Network
This example specifies a dynamic profile name of PPPoE_Wholesaler_Profile, uses pp0
interfaces, and references the predefined input firewall filter.
PPPoE_Wholesaler_Profile {routing-instances {"$junos-routing-instance" {interface "$junos-interface-name";
}}interfaces {pp0 {unit "$junos-interface-unit" {ppp-options {chap;pap;
}pppoe-options {underlying-interface "$junos-underlying-interface";server;
}keepalives interval 15;family inet {filter {input "$junos-input-filter";output "$junos-output-filter";
}unnumbered-address "$junos-loopback-interface";
}}
67Copyright © 2018, Juniper Networks, Inc.
Chapter 5: Configuring PPPoE Layer 3Wholesale Networks
}}
}
RelatedDocumentation
Configuring Dynamic Profiles for the PPPoE Layer 3Wholesale Network Solution on
page 64
•
Example: Retailer Routing Instances for a PPPoEWholesale Network
routing-instances {PPPoE_Retailer_Instance1 {instance-type vrf;access-profile PPPoE_Retailer_Access1;interface ge-11/1/9.10;interface lo0.5;route-distinguisher 1:1;vrf-import policyImport;vrf-export policyExport;
}Retailer_Instance2 {instance-type vrf;access-profile PPPoE_Retailer_Access2;interface ge-11/1/9.10;interface lo0.6;route-distinguisher 2:2;vrf-import policyImport;vrf-export policyExport;
}}
RelatedDocumentation
• Configuring Separate Routing Instances for PPPoE Service Retailers on page 66
Copyright © 2018, Juniper Networks, Inc.68
Broadband Subscriber ManagementWholesale Feature Guide
PART 3
Configuring Layer 2 Wholesale Networks
• Subscriber Management Layer 2Wholesale Overview on page 71
• Configuring Layer 2Wholesale Networks on page 75
69Copyright © 2018, Juniper Networks, Inc.
Copyright © 2018, Juniper Networks, Inc.70
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 6
Subscriber Management Layer 2Wholesale Overview
• Layer 2 and Layer 3Wholesale Overview on page 71
• Wholesale Network Configuration Options and Considerations on page 72
• RADIUS VSAs and Broadband Subscriber ManagementWholesale Configuration
Overview on page 73
Layer 2 and Layer 3Wholesale Overview
In general, wholesaling broadband services allows service providers to resell broadband
services and allows other providers to deploy their own services over the incumbent
network. There are different methods to partitioning an access network for resale. The
twomost common approaches are based on either Layer 2 or Layer 3 information.
Wholesale access is the process by which the access network provider (thewholesaler)
partitions the access network into separately manageable and accountable subscriber
segments for resale to other network providers (or retailers).
In a Layer 3 wholesale configuration, you partition the wholesaler access network at the
network layer or the subscriber IP component by associating the IP component with a
distinct Layer 3 domain. In a Layer 2 wholesale configuration, you partition the access
network at the subscriber circuit or customer VLAN (C-VLAN) by backhauling the
connection through the service provider backbone network to the subscribing retailer
network where the access traffic can bemanaged at higher layers.
In a Junos OS Dynamic Host Configuration Protocol (DHCP) or Point-to-Point Protocol
over Ethernet (PPPoE) subscriber access configuration, wholesale partitioning is
accomplished through the use of logical systems and routing instanceswithin the router.
Logical systems offer a stricter partitioning of routing resources than routing instances.
The purpose behind the use of logical systems is to distinctly partition the physical router
into separate administrative domains. This partitioning enables multiple providers to
administer the router simultaneously,witheachproviderhavingaccessonly to theportions
of the configuration relevant to their logical system. Junos OS supports up to 15 named
logical systems in addition to thedefault logical system(that is, inet.0). Unless otherwise
specified in configuration, all interfaces belong to the default logical system.
71Copyright © 2018, Juniper Networks, Inc.
NOTE: This Junos OS release supports the use of only the default logicalsystem. Partitioning currently occurs through the use of separate routinginstances.
A logical system can have one or more routing instances. Typically used in Layer 3 VPN
scenarios, a routing instance does not have the same level of administrative separation
asa logical systembecause it doesnotoffer administrative isolation.However, the routing
instance defines a distinct routing table, set of routing policies, and set of interfaces.
RelatedDocumentation
Broadband Subscriber Management DHCPv4 Layer 3Wholesale Topology and
Configuration Elements on page 9
•
• Broadband Subscriber Management PPPoE Layer 3Wholesale Topology and
Configuration Elements on page 57
• Broadband Subscriber Management Layer 2Wholesale Topology and Configuration
Elements on page 75
Wholesale Network Configuration Options and Considerations
You can configure a wholesale network any number of ways using Juniper Networks
hardware and Junos OS software. For information about subscriber management
hardware support, see the Junos OS Broadband Subscriber Management and Services
Library. The general configuration options, and considerations for each, are provided in
the following table:
ConsiderationsWholesale Configuration Options
Providing more control over retailer space and access, this option is more laborintensive and can require more detailed planning of the network, address allocation,and so on.
Fully Static (all interfaces, VLANs, androuting instances are configuredstatically)
Service VLANS are created statically andmust bemanaged. Demux interfaces aredynamically createdover the serviceVLANs. This optionusesmore logical interfaces;one for each VLAN and one for each dynamic demux interface that runs over eachVLAN.
Static VLANs and Dynamic DemuxInterfaces
Dynamic (auto-sensed) VLANs are authenticated and installed in the correctnon-default routing instance before DHCP is instantiated. This method helps toconserve logical interfacesbyavoiding theneed foradditional logical interfacesbeingcreated for each demux interface.
NOTE: In a customer VLANmodel, each VLAN functions on a 1:1 basis for eachcustomer (in this case, per household).
Dynamic VLANs Only (dedicatedcustomer VLANs for each subscriber)
Allows for thegreatest easeofuseand flexibility in configuring subscribers, byenablingaccess over a service VLAN and targetting more service levels over individual,dynamically-created demux interfaces over the service VLAN. This option usesmorelogical interfaces; one for each VLAN and one for each demux interface that runsover each VLAN.
Dynamic VLANs and Dynamic DemuxInterfaces
Copyright © 2018, Juniper Networks, Inc.72
Broadband Subscriber ManagementWholesale Feature Guide
RADIUS VSAs and Broadband Subscriber ManagementWholesale ConfigurationOverview
You canuseRADIUS to assign various values through the use of dynamic variableswithin
dynamic profiles. However, the configuration of at least one of the two VSAs described
in Table 3 on page 6 is required for a wholesale network to function.
Table 5: Required Juniper Networks VSAs for the Broadband SubscriberManagementWholesale Network Solution
ValueDescriptionAttribute NameAttribute Number
string: logicalsystem:routinginstance
Client logicalsystem/routinginstancemembershipname. Allowed onlyfrom RADIUS serverfor “default” logicalsystem/routinginstancemembership.
LSRI-Name26-1
string: logicalsystem:routinginstance
Client logicalsystem/routinginstancemembershipname indicating towhich logicalsystem/routinginstancemembershipthe request isredirected for userauthentication.
Redirect-LSRI-Name26-25
Specifying the $junos-routing-instance dynamic variable in a dynamic profile triggers a
RADIUSaccess-accept responseofeither theLSRI-NameVSAor theRedirect-LSRI-Name
VSA. Returning an LSRI-Name attribute in the access-accept response provides the
logical system and routing instance in which the logical interface is to be created and
the router updates the session database with the specified routing instance value.
Returning a Redirect-LSRI-Name attribute in the access-accept response results in the
router immediately sending a second access-request message (sometimes referred to
as a double-dip) to the RADIUS server specified by the logical system:routing instance
attribute specified by the Redirect-LSRI-Name VSA.
NOTE: Attributes returned as a result of a second access-request messageto the logical system/routing instancemembership specified by theRedirect-LSRI-Name VSA override any prior attributes returned by initialaccess-accept responses to the default logical system/routing instancemembership.
RelatedDocumentation
• Juniper Networks VSAs Supported by the AAA Service Framework on page 143.
73Copyright © 2018, Juniper Networks, Inc.
Chapter 6: Subscriber Management Layer 2Wholesale Overview
Copyright © 2018, Juniper Networks, Inc.74
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 7
Configuring Layer 2 Wholesale Networks
• Broadband Subscriber Management Layer 2Wholesale Topology and Configuration
Elements on page 75
• Layer 2Wholesale Network Topology Overview on page 77
• Configuring a Retail Dynamic Profile for Use in the Layer 2Wholesale
Solution on page 79
• Stacking and Rewriting VLAN Tags for the Layer 2Wholesale Solution on page 80
• Configuring VLAN Interfaces for the Layer 2Wholesale Solution on page 82
• Configuring Encapsulation for Layer 2Wholesale VLAN Interfaces on page 83
• Configuring NNI ISP-Facing Interfaces for the Layer 2Wholesale Solution on page 84
• ConfiguringDirect ISP-Facing Interfaces for the Layer 2WholesaleSolution onpage85
• Configuring Separate Access Routing Instances for Layer 2Wholesale Service
Retailers on page 86
• Configuring Separate NNI Routing Instances for Layer 2Wholesale Service
Retailers on page 89
• ConfiguringAccessComponents for theLayer 2WholesaleNetworkSolutiononpage91
• Example: Retailer Dynamic Profile for a Layer 2Wholesale Network on page 92
• Example: Access Interface for a Layer 2Wholesale Network on page 93
• Example:RetailerAccessRouting Instances foraLayer 2WholesaleNetworkonpage93
• Example:RetailerNNI ISP-Facing Interfaces foraLayer2WholesaleNetworkonpage94
• Example: Retailer Direct ISP-Facing Interface for a Layer 2Wholesale
Network on page 95
Broadband Subscriber Management Layer 2Wholesale Topology and ConfigurationElements
Thenetwork topology for thesubscribermanagementLayer 2wholesale solution includes
configuring separate routing instances for individual retailers that use a portion of the
router. This solution uses a Virtual Private LAN Service (VPLS) configuration.
Layer 2 wholesale networks are supported on MPC/MIC interfaces.
75Copyright © 2018, Juniper Networks, Inc.
To explain the concept but limit complexity, this solution provides a configuration with
one wholesaler and only two retailers. Figure 7 on page 76 illustrates a basic Layer 2
wholesale topology model fromwhich you can expand.
Figure 7: Basic Subscriber Management Layer 2Wholesale SolutionTopology
Copyright © 2018, Juniper Networks, Inc.76
Broadband Subscriber ManagementWholesale Feature Guide
WhenyouareconfiguringaLayer2wholesalenetworksolution, the followingconfiguration
elements are required:
• Subscriber accessdynamicVLANconfiguration includingdynamicprofile configuration
for retailer routing instances
• Routing instance configuration for individual retailers on provider edge (PE) routers
and network-to-network interface (NNI) routers.
• VLAN interface configuration
• RADIUS server access configuration
• Core network configuration
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Layer 2Wholesale Network Topology Overview on page 77
Layer 2Wholesale Network Topology Overview
This configurationexplainshowtoconfigurea simpleLayer 2wholesale subscriber access
network. This solution illustrates two Internet Service Provider (ISP) retailers sharing
access to a wholesaler network. The wholesaler network contains a Layer 2 Network
access router and two Virtual Private LAN Service (VPLS) network-to-network interface
(NNI) routers.
NOTE: You can havemore than one ISP router connecting to a single VPLSNNI router with VPLS interfaces configured with routing instances specificto each different ISP-facing interfaces.
The example also shows two different connection options from one subscriber access
router tooneof the individual ISPaccess routers.Oneconnectionoptionusesan interface
on the subscriber access router to connect directly to the ISP access router. Another
connection option uses two routers: a subscriber access router and another NNI router
that connects to the ISP access router.
NOTE: When using the NNI router connection option, use a standard BGP orMPLS configuration between the subscriber access routers and the edgerouter that connects to the ISP access routers. See the Junos OS RoutingProtocols Library for information about BGP configuration. See the Junos OSMPLS Applications Library for Routing Devices for information about MPLSconfiguration.
Figure 8 on page 78 provides the reference topology for this configuration example.
77Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
Figure 8: Layer 2Wholesale Network Reference Topology
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Broadband Subscriber Management Layer 2Wholesale Topology and Configuration
Elements on page 75
Copyright © 2018, Juniper Networks, Inc.78
Broadband Subscriber ManagementWholesale Feature Guide
Configuring a Retail Dynamic Profile for Use in the Layer 2Wholesale Solution
To configure a dynamic profile for use with retailer access:
1. Create a retail dynamic profile.
[edit]user@host# edit dynamic-profiles Subscriber_Profile_Retail1
2. Define the dynamic routing instance variable in the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# edit routing-instances $junos-routing-instance
3. Set the dynamic interface variable for the dynamic routing instance.
[edit dynamic-profiles Subscriber_Profile_Retail1 routing-instances“$junos-routing-instance”]
user@host# set interface $junos-interface-name
4. Define the dynamic interfaces variable for the dynamic profile.
[edit dynamic-profiles Subscriber_Profile_Retail1]user@host# set interfaces $junos-interface-ifd-name
5. Define the dynamic interface unit variable for the dynamic profile.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”]user@host# set unit $junos-interface-unit
6. (Optional) Define the VLAN encapsulation for the dynamic interfaces.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set encapsulation vlan-vpls
NOTE: If you choose not to specify an encapsulation for the logicalinterface, youmust specify encapsulation for the physical interface.
7. Define the VLAN tag variables for the dynamic profile:
NOTE: This solution example uses stacked VLAN tagging. However, youcan also specify single-tag VLANs. For additional information aboutconfiguring dynamic VLANs, see the Broadband Subscriber VLANs andInterfaces Feature Guide.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set vlan-tags outer $junos-stacked-vlan-id inner $junos-vlan-id
79Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
8. Define the input and output VLANmaps. See “Stacking and Rewriting VLAN Tags for
the Layer 2Wholesale Solution” on page 80 for details.
9. Specify the unit family as vpls at the [edit dynamic-profiles profile-name interfaces
“$junos-interface-ifd-name” unit “$junos-interface-unit” family] hierarchy level.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set family vpls
Stacking and Rewriting VLAN Tags for the Layer 2Wholesale Solution
Stacking and rewriting VLAN tags allows you to use an additional (outer) VLAN tag to
differentiate between routers in the Layer 2 wholesale network. A frame can be received
on an interface, or it can be internal to the system (as a result of the input-vlan-map
statement).
You can configure rewrite operations to stack (push), remove (pop), or rewrite (swap)
tags on single-tagged frames and dual-tagged frames. If a port is not tagged, rewrite
operations are not supported on any logical interface on that port.
You can configure the following single-action VLAN rewrite operations:
• pop—Remove a VLAN tag from the top of the VLAN tag stack. The outer VLAN tag of
the frame is removed.
• push—Add a newVLAN tag to the top of the VLAN stack. An outer VLAN tag is pushed
in front of the existing VLAN tag.
• swap—Replace the inner VLAN tag of the incoming frame with a user-specified VLAN
tag value.
You configure VLAN rewrite operations for logical interfaces in the input VLANmap for
incoming frames and in the output VLANmap for outgoing frames.
You can include both the input-vlan-map and output-vlan-map statements at the [edit
dynamic-profiles profile-name interface “$junos-interface-ifd-name” unit ”
$junos-interface-unit] hierarchy level.
The type of VLAN rewrite operation permitted depends upon whether the frame is
single-tagged or dual-tagged. Table 6 on page 80 shows supported rewrite operations
and whether they can be applied to single-tagged frames or dual-tagged frames. The
table also indicates the number of tags being added or removed during the operation.
Table 6: Rewrite Operations on Single-Tagged and Dual-Tagged Frames
Number of TagsDual-TaggedSingle-TaggedRewrite Operation
– 1YesYespop
+1YesYespush
Copyright © 2018, Juniper Networks, Inc.80
Broadband Subscriber ManagementWholesale Feature Guide
Table 6: Rewrite Operations on Single-Tagged and Dual-Tagged Frames (continued)
Number of TagsDual-TaggedSingle-TaggedRewrite Operation
0YesYesswap
Depending on the VLAN rewrite operation, you configure the rewrite operation for the
interface in the inputVLANmap, theoutputVLANmap, or both. Table 7onpage81 shows
what rewrite operation combinations you can configure. “None” means that no rewrite
operation is specified for the VLANmap.
Table 7: Applying Rewrite Operations to VLANMaps
Output VLANMap
Input VLANMap swappoppushnone
YesNoNoYesnone
NoYesNoNopush
NoNoYesNopop
YesNoNoYesswap
To configure the input VLANmap:
NOTE: Youconfigure the input-vlan-mapstatementonlywhenthere isaneed
either to push an outer tag on a single-tagged subscriber packet or tomodifythe outer tag in a subscriber dual-tagged packet.
1. Include the input-vlan-map statement.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# edit input-vlan-map
2. Specify the action that you want the input VLANmap to take.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit” input-vlan-map]
user@host# set push
3. Include the vlan-id statement along with the $junos-vlan-map-id dynamic variable.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit” input-vlan-map]
user@host# set vlan-id $junos-vlan-map-id
81Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
To configure the output VLANmap:
NOTE: You configure the output-vlan-map statement only when there is a
need to either pop or modify the outer tag found in a dual-tagged packetmeant for the subscriber.
1. Include the output-vlan-map statement.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# edit output-vlan-map
2. Specify the action that you want the output VLANmap to take.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit” output-vlan-map]
user@host# set pop
Youmust knowwhether the VLAN rewrite operation is valid and is applied to the input
VLANmap or the output VLANmap. Youmust also knowwhether the rewrite operation
requires you to include statements to configure the inner andouter tagprotocol identifiers
(TPIDs) and inner and outer VLAN IDs in the input VLANmap or output VLANmap. For
information about configuring inner and outer TPIDs and inner and outer VLAN IDs, see
Configuring Inner and Outer TPIDs and VLAN IDs.
Configuring VLAN Interfaces for the Layer 2Wholesale Solution
Clients access the Layer 2Wholesale network through a specific interface. After they
access this interface, and when they are authenticated, VLANs are dynamically created
to carry the client traffic.
To configure a VLAN interface for dynamic access of clients:
1. Access the physical interface that you want to use for dynamically creating VLAN
interfaces.
[edit interfaces]user@host# edit interfaces ge-2/3/0
2. Specify the desired VLAN tagging.
NOTE: Thisexampleuses flexibleVLANtagging tosimultaneouslysupporttransmission of 802.1Q VLAN single-tag and dual-tag frames on logicalinterfaces on the same Ethernet port.
[edit interfaces ge-2/3/0]user@host# set flexible-vlan-tagging
Copyright © 2018, Juniper Networks, Inc.82
Broadband Subscriber ManagementWholesale Feature Guide
3. Specify that you want to automatically configure VLAN interfaces.
[edit interfaces ge-2/3/0]user@host# edit auto-configure
4. Specify that you want to configure single VLANs.
[edit interfaces ge-2/3/0 auto-configure]user@host# edit vlan-ranges
5. Define the VLAN ranges for the configuration.
[edit interfaces ge-2/3/0 auto-configure vlan-ranges]user@host# set ranges any, any
6. Specify the dynamic VLAN profile that you want the interface to use.
[edit interfaces ge-2/3/0 auto-configure vlan-ranges]user@host# set dynamic-profile Subscriber_Profile_Retail1
7. Specify that any type of VLAN Ethernet packet is accepted by the interface.
[edit interfaces ge-2/3/0 auto-configure vlan-ranges dynamic-profile“Subscriber_Profile_Retail1”]
user@host# set accept any
8. Repeat steps for any other interfaces that you want to use for creating VLANs.
9. Specify the encapsulation type for the VLAN interfaces.
[edit interfaces ge-2/3/0]user@host# edit encapsulation flexible-ethernet-services
RelatedDocumentation
Configuring Encapsulation for Layer 2Wholesale VLAN Interfaces on page 83•
Configuring Encapsulation for Layer 2Wholesale VLAN Interfaces
Each dynamic VLAN interface in a Layer 2 wholesale network must use encapsulation.
You can configure encapsulation dynamically for each VLAN interface by using the
encapsulation statement at the [edit dynamic-profiles profile-name interface
“$junos-interface-ifd-name” unit “$junos-interface-unit”] hierarchy level or configure
encapsulation for the physical interfaces at the [edit interfaces interface-name] hierarchy
level for each dynamically created VLAN interface to use. However, how you choose to
configure (or not configure) encapsulation at the [edit dynamic-profiles profile-name
interface “$junos-interface-ifd-name” unit “$junos-interface-unit”] hierarchy level affects
how you configure encapsulation at the [edit interfaces interface-name] hierarchy level.
Table 8 on page 84 provides the valid encapsulation combinations for both dynamic
profiles and physical interfaces in the Layer 2 wholesale network.
83Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
Table 8: Encapsulation Combinations for Layer 2Wholesale Interfaces
Usage NotesPhysical InterfaceEncapsulation
Dynamic ProfileEncapsulation
Using the vlan-vpls encapsulation type in both thedynamic profile and when configuring the physicalinterface limits theVLAN IDvalue toanumber greaterthan or equal to 512.
vlan-vplsvlan-vpls
Using the flexible-ethernet-services encapsulationtype removes any VLAN ID value limitation.
flexible-ethernet-servicesvlan-vpls
The extended-vlan-vpls encapsulation type cansupportmultipleTPIDs.Using this encapsulation typeremoves any VLAN ID value limitation.
extended-vlan-vplsvlan-vpls
The extended-vlan-vpls encapsulation type cansupportmultipleTPIDs.Using this encapsulation typeremoves any VLAN ID value limitation.
extended-vlan-vplsNo encapsulation type
To configure encapsulation for Layer 2 wholesale VLAN interfaces:
1. (Optional) Define the VLAN encapsulation for the dynamic interfaces.
[editdynamic-profilesSubscriber_Profile_Retail1 interfaces“$junos-interface-ifd-name”unit “$junos-interface-unit”]
user@host# set encapsulation encapsulation-type
2. Specify the encapsulation type for the physical VLAN interface.
[edit interfaces ge-2/3/0]user@host# edit encapsulation encapsulation-type
NOTE: If you choose not to specify an encapsulation for the logicalinterface, youmust specify extended-vlan-vpls encapsulation for the
physical interface.
RelatedDocumentation
Configuring a Retail Dynamic Profile for Use in the Layer 2Wholesale Solution on
page 79
•
• Configuring VLAN Interfaces for the Layer 2Wholesale Solution on page 82
Configuring NNI ISP-Facing Interfaces for the Layer 2Wholesale Solution
Youmust configure separate, ISP-facing interfaces on each NNI ISP-facing router that
connect to individual retailer ISP access routers in the Layer 2Wholesale solution.
Copyright © 2018, Juniper Networks, Inc.84
Broadband Subscriber ManagementWholesale Feature Guide
NOTE: On the network-to-network (NNI) or egress interfaces of provideredge (PE) routers, youcannot configure the inner-rangevid1—vid2optionwith
the vlan-tags statement for ISP-facing interfaces.
To configure an NNI ISP-facing interface:
1. Access the physical interface that you want to use to access the retailer ISP network.
[edit interfaces]user@host# edit interfaces ge-1/1/0
2. Specify the encapsulation type for the VLAN interfaces.
[edit interfaces ge-1/1/0]user@host# edit encapsulation ethernet-vpls
3. Specify the interface unit that you want ISP clients to use.
[edit interfaces ge-1/1/0]user@host# edit unit 0
4. Repeat these steps for any other NNI ISP-facing interfaces that you want to use. In
this example, youmust also configure interface ge-2/2/0.0.
RelatedDocumentation
ConfiguringDirect ISP-Facing Interfaces for the Layer 2WholesaleSolution onpage85•
• ConfiguringSeparateAccessRouting Instances for Layer 2WholesaleServiceRetailers
on page 86
Configuring Direct ISP-Facing Interfaces for the Layer 2Wholesale Solution
When connecting a subscriber access router directly to an ISP access router, you must
define any ISP-facing interfaces that connect to the retailer ISP access routers as
core-facing interfaces.
To configure a direct ISP-facing interface:
1. Access the physical interface that you want to use to access the retailer ISP network.
[edit interfaces]user@host# edit interfaces ge-1/1/0
2. Specify the encapsulation type for the VLAN interfaces.
[edit interfaces ge-1/1/0]user@host# edit encapsulation ethernet-vpls
3. Specify the interface unit that you want ISP clients to use.
[edit interfaces ge-1/1/0]
85Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
user@host# edit unit 1
4. Specify the unit family.
[edit interfaces ge-1/1/0 unit 1]user@host# set family vpls
5. Define the interface as core-facing to ensure that the network does not improperly
treat the interface as a client interface..
[edit interfaces ge-1/1/0 unit 1 family vpls]user@host# set core-facing
6. Repeat steps for any other direct ISP-facing interfaces that you want to use..
RelatedDocumentation
Configuring NNI ISP-Facing Interfaces for the Layer 2Wholesale Solution on page 84•
• ConfiguringSeparateAccessRouting Instances for Layer 2WholesaleServiceRetailers
on page 86
ConfiguringSeparateAccessRouting InstancesforLayer2WholesaleServiceRetailers
As the owner of the system, the wholesaler uses the default routing instance. Youmust
create separate routing instances for each individual retailer to keep routing information
for individual retailers separate and to define any servers and forwarding options specific
to each retailer.
When creating separate routing instances, it is important to understand the role that the
router plays in the Layer 2Wholesale network and specify that role (either access or NNI)
in the routing instance configuration. If the router connects directly to an ISP network (or
ISP-controlled device), youmust configure the routing instances as an NNI routing
instance. See “ConfiguringSeparateNNI Routing Instances for Layer 2Wholesale Service
Retailers” on page 89.
To define an access retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances RetailerInstance1
2. Specify the VLANmodel that you want the retailer to follow.
[edit routing-instances RetailerInstance1]user@host# set vlan-model one-to-one
3. Specify the role that you want the routing instance to take.
[edit routing-instances RetailerInstance1]user@host# set instance-role access
Copyright © 2018, Juniper Networks, Inc.86
Broadband Subscriber ManagementWholesale Feature Guide
4. Specify the routing instance type for the retailer.
[edit routing-instances RetailerInstance1]user@host# set instance-type l2backhaul-vpn
5. Specify the access interface for the retailer.
[edit routing-instances RetailerInstance1]user@host# set interface ge-2/3/0.0
6. Specify that access ports in this VLAN domain do not forward packets to each other.
[edit routing-instances RetailerInstance1]user@host# set no-local-switching
7. Specify a unique identifier attached to a route that enables you todistinguish towhich
VPN the route belongs.
[edit routing-instances RetailerInstance1]user@host# set route-distinguisher 10.10.1.1:1
8. (Optional) Specify a VRF target community.
[edit routing-instances RetailerInstance1]user@host# set vrf-target target:100:1
NOTE: The purpose of the vrf-target statement is to simplify the
configuration by allowing you to configuremost statements at the [edit
routing-instances] hierarchy level.
87Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
9. Define the VPLS protocol for the routing instance.
a. Access the routing instance protocols hierarchy.
[edit routing-instances RetailerInstance1]user@host# edit protocols
b. Enable VPLS on the routing instance.
[edit routing-instances RetailerInstance1 protocols]user@host# edit vpls
c. Specify the maximum number of sites allowed for the VPLS domain.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set site-range 10
d. Specify the size of the VPLSMAC address table for the routing instance.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# setmac-table-size 6000
e. Specify themaximumnumber of MAC addresses that can be learned by the VPLS
routing instance.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set interface-mac-limit 2000
f. (Optional) Specify the no-tunnel-services statement if the router does not have a
Tunnel Services PIC.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set no-tunnel-services
g. Specify a site name.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set site A-PE
h. Specify a site identifier.
[edit routing-instances RetailerInstance1 protocols vpls site A-PE]user@host# set site-identifier 1
10. Repeat this procedure for other retailers. In this example, youmust configure a routing
instance for Retailer 2.
RelatedDocumentation
Configuring VPLS Routing Instances•
• Configuring NNI ISP-Facing Interfaces for the Layer 2Wholesale Solution on page 84
• Configuring Separate NNI Routing Instances for Layer 2Wholesale Service Retailers
on page 89
Copyright © 2018, Juniper Networks, Inc.88
Broadband Subscriber ManagementWholesale Feature Guide
Configuring Separate NNI Routing Instances for Layer 2Wholesale Service Retailers
As the owner of the system, the wholesaler uses the default routing instance. Youmust
create separate routing instances for each individual retailer to keep routing information
for individual retailers separate and to define any servers and forwarding options specific
to each retailer.
When creating separate routing instances, it is important to understand the role that the
router plays in the Layer 2Wholesale network and specify that role (either access or NNI)
in the routing instance configuration. If the router connects to the access portion of the
network (for example, to an MSAN device) , youmust configure the routing instances as
anaccess routing instance.See “ConfiguringSeparateAccessRouting Instances for Layer
2Wholesale Service Retailers” on page 86.
To define a retailer routing instance:
1. Create the retailer routing instance.
[edit]user@host# edit routing-instances RetailerInstance1
2. Specify the VLANmodel that you want the retailer to follow.
[edit routing-instances RetailerInstance1]user@host# set vlan-model one-to-one
3. Specify the role that you want the routing instance to take.
[edit routing-instances RetailerInstance1]user@host# set instance-role nni
4. Specify the routing instance type for the retailer.
[edit routing-instances RetailerInstance1]user@host# set instance-type l2backhaul-vpn
5. Define the NNI ISP-facing interface for this retailer.
[edit routing-instances RetailerInstance1]user@host# set interface ge-1/1/0.0
6. Specify that access ports in this VLAN domain do not forward packets to each other.
[edit routing-instances RetailerInstance1]user@host# set no-local-switching
7. Specify a unique identifier attached to a route that enables you todistinguish towhich
VPN the route belongs.
[edit routing-instances RetailerInstance1]user@host# set route-distinguisher 10.10.10.1:1
89Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
8. (Optional) Specify a VRF target community.
[edit routing-instances RetailerInstance1]user@host# set vrf-target target:100:1
NOTE: The purpose of the vrf-target statement is to simplify the
configuration by allowing you to configuremost statements at the [edit
routing-instances] hierarchy level.
9. Define the VPLS protocol for the routing instance.
a. Access the routing instance protocols hierarchy.
[edit routing-instances RetailerInstance1]user@host# edit protocols
b. Enable VPLS on the routing instance.
[edit routing-instances RetailerInstance1 protocols]user@host# edit vpls
c. Specify the maximum number of sites allowed for the VPLS domain.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set site-range 1000
d. (Optional) Specify the no-tunnel-services statement if the router does not have a
Tunnel Services PIC.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set no-tunnel-services
e. Specify a site name.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set site A-PE
f. Specify a site identifier.
[edit routing-instances RetailerInstance1 protocols vpls site A-PE]user@host# set site-identifier 1
g. Define the connectivity of the VPLS routing instance as permanent to keep the
VPLS connection up until specifically taken down.
[edit routing-instances RetailerInstance1 protocols vpls]user@host# set connectivity-type permanent
10. Repeat this procedure for other retailers.
Copyright © 2018, Juniper Networks, Inc.90
Broadband Subscriber ManagementWholesale Feature Guide
RelatedDocumentation
Configuring VPLS Routing Instances•
• Configuring VLAN Interfaces for the Layer 2Wholesale Solution on page 82
• ConfiguringSeparateAccessRouting Instances for Layer 2WholesaleServiceRetailers
on page 86
Configuring Access Components for the Layer 2Wholesale Network Solution
Whenconfiguringawholesalenetwork, youmust configure several components globally.
This configuration provides access to RADIUS servers (if used) that you want the
wholesaler andanyconfigured retailers touseglobally. Theaccessconfiguration includes
the following general steps:
• Configuring RADIUS Server Access on page 91
• Configuring a Layer 2Wholesaler Access Profile on page 91
Configuring RADIUS Server Access
You can globally define any RADIUS servers in your network that either the wholesale
access profile or retailer access profile can use. After you define the global RADIUS
servers, you can specify specific RADIUS servers within individual access profiles.
To define RADIUS servers for profile access:
1. Access the [edit access radius-server] hierarchy level.
[edit ]user@host# edit access radius-server
2. Specify the address and secret for any RADIUS servers in the network.
[edit access radius-server]user@host# set 192.168.10.1 secret $ABC123$ABC123$ABC123user@host# set 10.10.10.1 secret $ABC123$ABC123
See Also Configuring Router or Switch Interaction with RADIUS Servers•
Configuring a Layer 2Wholesaler Access Profile
Youmust define the network and interface over which you want subscribers to initially
access the network with a wholesale access profile. When a subscriber attempts to
access the network, the access profile provides initial access information including
authentication and accounting values that the router uses for the accessing subscriber.
To define a wholesale access profile:
1. Create the wholesale access profile.
[edit]user@host# edit access profile AccessProfile
91Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
2. Specify the authentication methods for the profile and the order in which they are
used.
[edit access profile AccessProfile]user@host# set authentication-order radius password
3. Specify that you want to configure RADIUS support.
[edit access profile AccessProfile]user@host# edit radius
4. Specify the IP address of the RADIUS server used for authentication.
[edit access profile AccessProfile radius]user@host# set authentication-server 10.10.10.1
5. Specify the IP address of the RADIUS server used for accounting.
[edit access profile AccessProfile radius]user@host# set accounting-server 10.10.10.1
6. Configure any desired options for the RADIUS server.
See Configuring RADIUS Server Options for Subscriber Access.
7. Configure subscriber accounting (RADIUS accounting).
See Configuring Per-Subscriber Session Accounting.
See Also Configuring Authentication and Accounting Parameters for Subscriber Access•
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring RADIUS Server Parameters for Subscriber Access
• Configuring Per-Subscriber Session Accounting
Example: Retailer Dynamic Profile for a Layer 2Wholesale Network
dynamic-profiles {Subscriber_Profile_Retail1 {routing-instances {"$junos-routing-instance" {interface "$junos-interface-name";
}}interfaces {"$junos-interface-ifd-name" {unit "$junos-interface-unit" {encapsulation vlan-vpls;vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";input-vlan-map {swap;
Copyright © 2018, Juniper Networks, Inc.92
Broadband Subscriber ManagementWholesale Feature Guide
vlan-id "$junos-vlan-map-id";}output-vlan-map swap;family vpls;
}}
}}
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Layer 2Wholesale Network Topology Overview on page 77
• Configuring a Retail Dynamic Profile for Use in the Layer 2Wholesale Solution on
page 79
Example: Access Interface for a Layer 2Wholesale Network
interfaces {ge-2/3/0 {flexible-vlan-tagging;auto-configure {stacked-vlan-ranges {dynamic-profile Subscriber_Profile_Retail1 {accept any;ranges {any,any;
}}access-profile AccessProfile;
}}encapsulation flexible-ethernet-services;
}
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Layer 2Wholesale Network Topology Overview on page 77
• Configuring VLAN Interfaces for the Layer 2Wholesale Solution on page 82
Example: Retailer Access Routing Instances for a Layer 2Wholesale Network
You need to create a routing instance for each retailer to keep routing information for
different retailers separate and to define servers and forwarding options specific to each
retailer.
There are two typesof routing instances that you can create: access orNNI. The following
code snippets showhow to configure separate access routing instances for two retailers:
Retailer_Instance1 and Retailer_Instance2.
routing-instances {Retailer_Instance1 {
93Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
vlan-model one-to-one;instance-role access;instance-type l2backhaul-vpn;interface ge-1/1/0.0no-local-switching;route-distinguisher 10.10.1.1:1;vrf-target target:100:1;protocols {vpls {site-range 10;mac-table-size {6000;
}interface-mac-limit {2000;
}no-tunnel-services;site A-PE {site-identifier 1;
}}
}}Retailer_Instance2 {vlan-model one-to-one;instance-role access;instance-type l2backhaul-vpn;interface ge-2/2/0.0no-local-switching;route-distinguisher 10.10.1.1:2;vrf-target target:300:1;protocols {vpls {site-range 1000;no-tunnel-services;site A-PE {site-identifier 1;
}}
}}
}
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Layer 2Wholesale Network Topology Overview on page 77
• ConfiguringSeparateAccessRouting Instances for Layer 2WholesaleServiceRetailers
on page 86
Example: Retailer NNI ISP-Facing Interfaces for a Layer 2Wholesale Network
interfaces {ge-1/1/0 {
Copyright © 2018, Juniper Networks, Inc.94
Broadband Subscriber ManagementWholesale Feature Guide
description Retailer 1 NNI ISP-facing interface;encapsulation ethernet-vpls;unit 0{
}interfaces {ge-2/2/0 {description Retailer 2 NNI ISP-facing interface;encapsulation ethernet-vpls;unit 0;
}
RelatedDocumentation
Layer 2 and Layer 3Wholesale Overview on page 3•
• Layer 2Wholesale Network Topology Overview on page 77
• Configuring Separate NNI Routing Instances for Layer 2Wholesale Service Retailers
on page 89
Example: Retailer Direct ISP-Facing Interface for a Layer 2Wholesale Network
interfaces {ge-1/1/0 {description Retailer 1 Direct ISP-facing interface;encapsulation ethernet-vpls;unit 1family vpls {core-facing;
}}
}
RelatedDocumentation
• Layer 2 and Layer 3Wholesale Overview on page 3
• Layer 2Wholesale Network Topology Overview on page 77
• ConfiguringDirect ISP-Facing Interfaces for the Layer 2WholesaleSolution onpage85
95Copyright © 2018, Juniper Networks, Inc.
Chapter 7: Configuring Layer 2Wholesale Networks
Copyright © 2018, Juniper Networks, Inc.96
Broadband Subscriber ManagementWholesale Feature Guide
PART 4
Configuring ANCP-Triggered Layer 2Wholesale Services
• ANCP-Triggered Layer 2Wholesale Service Overview on page 99
• Configuring ANCP-Triggered Layer 2Wholesale Services on page 169
• Configuring Flat-File Accounting for Layer 2Wholesale Services on page 181
97Copyright © 2018, Juniper Networks, Inc.
Copyright © 2018, Juniper Networks, Inc.98
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 8
ANCP-Triggered Layer 2 WholesaleService Overview
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
• Junos OS Predefined Variables on page 118
• Juniper Networks VSAs Supported by the AAA Service Framework on page 143
• AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs
for Junos OS on page 157
• AAA Accounting Messages and Supported RADIUS Attributes and Juniper Networks
VSAs for Junos OS on page 164
Layer 2Wholesale with ANCP-Triggered VLANs Overview
The conventionalmechanism for triggering autosensed dynamic VLANs relies on access
line attributes provided by PPPoE or DHCP traffic in upstream control packets. Packets
of a specified type are exceptioned and authorization depends on fields extracted from
the packet as specified in a dynamic profile assigned to the autosensed VLAN range.
However, for some wholesale networks, the traffic might not be PPPoE or DHCP. In this
case, a different mechanism is required.
Figure 9 on page 100 shows a sample topology with direct connections between the
wholesaler’s BNG and the NSP (network service provider) routers for the retailers. Each
retailer’s network resides in a dedicated routing instance. The wholesaler uses Layer 2
cross-connects to implement the retail networks with 1:1 autosensed, dynamic VLANs
and VLAN tag swapping. Core-facing physical interfaces are dedicated to forwarding
subscriber connections to the retailer’s router. The traffic for an entire outer VLAN can
be wholesaled this way. This direct-connect model supports any combination of
wholesaler-ownedandwholesaledconnections for theentireaccess-facingVLANrange.
99Copyright © 2018, Juniper Networks, Inc.
Figure 9: Sample Layer 2Wholesale Access Topology
Awholesaler providing Layer 2 bitstream access to NSP partners might use this model.
Bitstream access enables retailers to offer bidirectional transmission of broadband data
and other high-speed services directly to customers across the wholesaler’s network. In
this topology, the PPPoE residential and subscriber customers are retained by the
wholesaler (access provider). The non-PPPoE connections (here multiple connections
and subscribers are represented by a single line) can be wholesaled to retail NSPs.
In this model, dynamic VLAN detection and creation for the wholesaled connections do
not use in-band control packets. Instead, they rely on an out-of-band protocol, ANCP.
ANCPPort Upmessages both announce to the ANCPagent on the BNG that newaccess
linesareoperationalandprovideupdatesaboutpreviouslyannounced lines.Themessages
include ANCP DSL attributes that correspond to Juniper Networks DSL VSAs and DSL
Forum VSAs.
Starting in Junos OS Release 16.1R4, you can configure the ANCP agent to trigger the
creation of an autosensed VLANwhen the ANCP agent receives a Port Upmessage
where the DSL-Line-State attribute has a value of Showtime. The Showtime state
indicates that ports are configured, the subscriber is connected, and the DSLmodem is
online and ready to transfer data. The other possible values of the attribute, Idle and
Silent, are ignored for this purpose and are used by the ANCP agent only to update the
ANCP session database (SDB).
During VLAN authorization, RADIUS determines which traffic belongs to the access
provider’s own subscribers and which belongs to the wholesale customer (retail NSP)
based on identification of the subscriber’s access line by the agent remote identifier.
Copyright © 2018, Juniper Networks, Inc.100
Broadband Subscriber ManagementWholesale Feature Guide
When the ANCP agent receives the Port Upmessage, the agent triggers the
autoconfiguration daemon, autoconfd, to initiate the VLANdetection, authorization, and
creation processes. Those processes require the following information:
• Three ANCP subscriber access loop attributes (TLVs) that identify the access line and
are conveyed in the Port Upmessage:
• Access-Loop-Circuit-ID—Access loop circuit identifier used by the ANCP agent to
determine which logical interface or interface set corresponds to the subscriber;
corresponds to the Juniper Networks Acc-Loop-Cir-ID VSA (26-110).
• Access-Loop-Remote-ID—Unique identifier of the access line; corresponds to the
Juniper Networks Acc-Loop-Remote-ID VSA (26-182).
• Access-Aggregation-Circuit-ID-Binary—Identifier that represents the outer VLAN
tag that the access node inserts on upstream traffic; corresponds to the Juniper
Networks Acc-Aggr-Cir-Id-Bin VSA (26-111).
• The name of the physical interface facing the subscriber. This name derives from the
local mapping of an ANCP neighbor to the corresponding subscriber-facing access
port.
The Access-Aggregation-Circuit-ID-Binary attribute and the access-facing interface
name together provide information equivalent to that used for conventional autosensed
VLAN detection.
ANCP Port Downmessages indicate that the subscriber access loop is not present or at
least is no longer operational. This message triggers the automatic destruction of the
dynamic VLAN, regardless of the value of any other ANCP line attribute.
VLAN logical interfaces are created in the default routing-instance unless a nondefault
routing instance isprovidedby local authorization (domainmap)or external authorization
(RADIUS). Multiple routing instances are required when both access-provider-owned
and wholesaled connections are supported at the same time. One routing instance is
required for the access provider’s own subscribers. An additional routing instance is
required for each retail NSP. Consequently, the routing-instancehas tobe specifiedwhen
the VLAN is authorized. The RADIUS-based VLAN authorization process determines
whether the subscriber access-loop identified by the attributes in the Port Upmessage
is wholesaled to a partner NSP—and therefore maintained as a unique
routing-instance—or managed as a subscriber owned by the access provider.
• RADIUS Authorization for ANCP-Triggered VLANs on page 102
• Instantiation of an ANCP-Triggered, Autosensed, Dynamic VLAN on page 103
• Weighted Load Balancing for Subscriber Sessions over Eligible Core-Facing Physical
Interfaces on page 104
• RADIUS Interim Accounting Updates on page 105
• Removal of the Layer 2Wholesale Service on page 106
• Interactions Between In-Band and Out-of-Band VLAN Autosensing on page 107
• Migration of Subscriber Ownership fromWholesaler to Retailer on page 109
• Migration of Subscriber Ownership from Retailer toWholesaler on page 109
101Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
• Migration of Subscriber Ownership Between Retailers on page 110
• Modification of the Access Line Identifier or Port VLAN Identifier on page 111
• Disconnecting PPPoE Sessions and Automatically Attempting Reconnection as Layer
2Wholesale Sessions on page 112
• Consequencesof aStateTransition in theAccess-FacingPhysical Interfaceonpage 113
• Consequences of a State Transition from Up to Down in the Core-Facing Physical
Interface on page 114
• Consequences of a State Transition from Down to Up in the Core-Facing Physical
Interface on page 116
• Loss of ANCP TCP Adjacency on page 116
RADIUS Authorization for ANCP-Triggered VLANs
Whenasubscriber logs in, theAccess-Requestmessage that is sent to theRADIUSserver
includes a username and optionally a password generated locally on the router. You can
configure the router to create a unique username with the value of ANCP TLVs—
Access-Loop-Circuit-ID, Access-Loop-Remote-Id, or both—as received in the ANCPPort
Upmessage from the access node. Alternatively, if you configure the router to convey
ANCP-sourced access loop attributes as Juniper Networks VSAs—in this case
Acc-Loop-Cir-Id (26-110) andAcc-Loop-Remote-Id (26-182)—then theAccess-Request
message includes sufficient unique access line information for the RADIUS server to
determine whether the access loop is wholesaled to a retailer or retained for the
wholesaler.
TheRADIUS server responds to theAccess-Requestwith one of the followingmessages:
• Access-Accept—In this case, theVLAN triggeredby thePortUpmessage iswholesaled
to a retail NSP. Authorization is similar to that for PPPoE sessions. The Access-Accept
includes the Virtual-Router VSA (26-1) with a value that corresponds to the NSP’s
unique, nondefault routing instance.Themessagecanoptionally includeclient services,
such as attributes for parameterized CoS, firewall filters and policies for the logical
interface, and Layer 2 service activations.
• Access-Reject—In this case, either the VLAN triggered by the Port Upmessage is one
of thewholesaler’s own subscribers or RADIUS refuses to grant access to the network.
In either case, the VLAN entry is removed from the ANCP SDB. Unless a Port Down
message is received first, the router ignores subsequent Port Upmessages for this
subscriber.However, conventionaldynamic stackedVLANautosensingmaybe initiated
by access protocol negotiation, such as PPPoE.
Copyright © 2018, Juniper Networks, Inc.102
Broadband Subscriber ManagementWholesale Feature Guide
Instantiation of an ANCP-Triggered, Autosensed, Dynamic VLAN
WhentheRADIUSserver returnsanAccess-Acceptmessage, thedynamicprofileassigned
to the autosensed VLAN range is instantiated with the following results:
1. The dynamic VLAN logical interface that represents the Layer 2 wholesale service
within the NSP’s unique routing instance is created.
2. A core-facing physical interface is selected by a weighted load distribution method
from the set of eligible interfaces assigned to the NSP’s routing instance. A physical
interface is eligible when it is operationally up and has at least one VLAN tag that is
available for assignment.
3. The access-facing, autosensed outer VLAN tag is mapped to a unique inner VLAN
tag. The outer VLAN tag is derived from the Access-Aggregation-Circuit-ID-Binary
TLV carried in the ANCP Port Upmessage. The inner VLAN tag is allocated from the
VLAN range configured for the core-facing physical interface.
4. The innerVLANtag is swappedwith (replaces) theouterVLANtagwhen thesubscriber
traffic is tunneled to the NSP. In the dynamic profile, the inner VLAN tag is provided
by the predefined variable, $junos-inner-vlan-map-id.
5. TheautosensedouterVLANtag is swappedwith the innerVLANtagwhendownstream
packets from the NSP (which include the allocated inner VLAN tag) are forwarded
to the subscriber.
You can configure each core-facing physical interface with a range of up to 4094
VLAN IDs. The inner VLAN swap range is assigned to the physical interface locally.
This means that inner VLAN ranges for different physical interfaces can overlap each
other completely, partially, or not at all.
6. Optionally, before the subscriber packets are forwarded to an NSP, the outer VLAN
tag protocol identifier (TPID) in the subscriber packets can be swapped with a TPID
to meet the requirements of an individual NSP. In this case, the original value is
swapped with the NSP TPID for packets forwarded to the subscriber.
7. AnadditionalVLANtag, theTrunkVLAN ID, is used internally to identify theprovisioned
core-facing physical interface so that the subscriber traffic can be tunneled to the
allocated interface. In thedynamicprofile, this ID is providedby thepredefinedvariable,
$junos-vlan-map-id. This identifier differentiates amongmultiple core-facing trunk
physical interfaces for the same NSP.
8. Anyclient services, suchasCoSor firewall filters, areapplied to the subscriber session.
These services are optionally specified in the RADIUS configuration and conveyed in
the RADIUSmessage as Juniper Networks VSAs.
103Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
9. The VLAN session is activated after the logical interface is created and configured for
the dynamic VLAN session. Session activation initiates a RADIUS Accounting-Start
message. Any services that were received from RADIUS during authorization are now
activated.
10. After the dynamic VLAN has been created, subsequent ANCP Port Upmessages do
not cause a re-authorization of the dynamic VLAN session. Instead, when the ANCP
agent receives another Port Upmessage for the access loop, it updates the ANCP
SDBwith any changes in ANCP attributes.
WeightedLoadBalancing forSubscriberSessionsover EligibleCore-FacingPhysical Interfaces
Tthe router uses weighted load distribution instead of round-robin distribution to assign
Layer 2 wholesale subscriber sessions across multiple core-facing physical interfaces
according to the weight of the interface. The weight of an interface correlates with the
number of VLAN tags available from the aggregate inner (core-facing) VLAN ID swap
ranges on the interface.
How you configure the inner VLAN ID swap ranges determines the relativeweights of the
interfaces:
• The interface with the highest number of available inner VLAN ID tags has the highest
weight.
• The interface with the next-highest number of tags has the next-highest weight, and
so on.
• The interface with the lowest number of available tags has the lowest weight.
Using the available inner VLAN ID tags from the swap ranges rather than the aggregate
total VLAN tagsmeans that the relativeweights of the interfaces aremore dynamic. The
weighted load distribution mechanism can respondmore quickly to subscriber logouts,
migration of subscriber ownership fromwholesaler to retailer and retailer to wholesaler,
core-facing physical interface state transitions (including movement to the remaining
eligible core-facing interfaceswhen an interface state transitions fromUp toDown), and
failures of any of the core-facing physical interfaces. When an interface recovers
(transitions from Down to Up), weighted load distribution generally favors this interface
for either pending sessions or for new Layer 2 wholesale sessions that subsequently
occur.
NOTE: Core-facing physical interface selection and session distribution areprobability based; the load is not strictly distributed according to weight.
With weighted load distribution the router selects interfaces randomly, but the sessions
are distributed across interfaces proportionally in relationship to the weight of the
interfaces. The router generates a randomnumber within a range equal to the aggregate
total of all available inner VLAN ID tags from the swap ranges of all the core-facing
physical interfaces. The router thenassociatespart of the range—apoolofnumbers—with
each interface proportional to the interface’s weight. An interface with a higher weight
Copyright © 2018, Juniper Networks, Inc.104
Broadband Subscriber ManagementWholesale Feature Guide
is associated with a greater portion of the range—a larger pool—than an interface with
a lower weight. An interface is selected when the random number is in its associated
pool of numbers. The random number is more likely, on average, to be in a larger pool,
so an interface with a higher weight (larger pool) is more likely to be selected than an
interface with a lower weight (smaller pool).
For example, consider two core-facing physical interfaces, IFD1 and IFD2. Based on the
inner VLAN ID swap ranges configured for these two interfaces, IFD1 has 1000 available
VLAN tags and IFD2 has only 500 available tags. The subscriber sessions are randomly
distributed across the two interfaces based on their relative weights; IFD1 has a higher
weight than IFD2. Because IFD1 has twice as many available tags as IFD2, the pool of
numbers associated with IFD1 is also twice as many as for IFD2. The random number
generated by the router is twice as likely to be in the pool for IFD1 than for IFD2.
Consequently, IFD1 is favored 2:1 over IFD2, and subscriber sessions are twice as likely to
be assigned to IFD1 as IFD2.
RADIUS Interim Accounting Updates
Interim accounting reports sent to AAA for out-of-band triggered, autosensed dynamic
VLANs are supported in the samemanner as for conventional autosensed, dynamic,
authorized VLANs or client sessions (such as PPPoE sessions). The ANCP agent sends
a notification to AAAwhen it receives an update from the access node. By default, AAA
only reports the update to the RADIUS server at the configured interval.
You can configure the ANCP agent so that when it notifies AAA, an interim update
Accounting-Request message is immediately sent to the RADIUS server. Immediate
interim accounting updates can be sent for an ANCP-triggered dynamic VLAN session
only when a change occurs in certain key ANCP attributes for the associated access line
that can influence system behavior. To prevent an additional load on the RADIUS server
for changes to less critical ANCP attributes, changes to any other ANCP attributes do
not trigger immediate accounting-interim-updatemessages. Instead, those changes are
reported in the next scheduled Accounting-Interim-Update message.
Immediate interim accounting updates can be sent for changes to any of the following
ANCP attributes for an existing session that corresponds to the access line (based on
the Access-Loop-Circuit-ID TLV):
• Actual-Net-Data-Rate-Upstream—When the calculated (adjusted) upstream rate
results in a change to this attribute, the accounting message reports the attribute in
the Juniper Networks Act-Data-Rate-Up VSA (26-113). The calculated speed change
is reported in the Upstream-Calculated-QoS-Rate VSA (26-142).
• Actual-Net-Data-Rate-Downstream—When the calculated (adjusted) downstream
rate results in a change to this attribute , the accountingmessage reports the attribute
in the JuniperNetworksAct-Data-Rate-DnVSA(26-114). The calculated speedchange
is reported in the Downstream-Calculated-QoS-Rate VSA (26-141).
When the ancp-speed-change-immediate-update statement is configured at the [edit
access profile profile-name accounting] hierarchy level, RADIUS immediate interim
accounting updates are sent for changes to the Actual-Net-Data-Rate-Upstream and
Actual-Net-Data-Rate-Downstream TLVs.
105Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
When in addition the auto-configure-trigger interface interface-name statement is
configured at the [edit protocols ancp neighbor ip-address] hierarchy level, immediate
interim accounting updates are also sent for changes to the Access-Loop-Remote-ID
and Access-Aggregation-Circuit-ID-Binary TLVs.
For more information about RADIUS immediate interim accounting updates, see
Configuring Immediate Interim Accounting Updates to RADIUS in Response to ANCP
Notifications.
Removal of the Layer 2Wholesale Service
Any of the following events can remove the logical interface for the dynamic VLAN that
represents the access service provided by the Layer 2 wholesaler:
• The receipt of an ANCP Port Downmessage for the corresponding access loop. The
sameANCPattributes that initiate dynamic VLAN creation also initiate dynamic VLAN
destruction.
No action is taken for an ANCP Port Downmessage for which any of the following is
true:
• No corresponding subscriber session exists.
• A corresponding subscriber session is present, but is in the process of being deleted.
• Themessage refers to a conventional autosensed session (which is removed by
normal protocol processing).
• An explicit reset of the connection between the ANCP agent and the access node,
which triggers a mass logout of all affected dynamic VLAN sessions that support the
wholesaled Layer 2 access connections. Sessions for thewholesaler’s own subscribers
are not affected.
• Thedeletionor transition toanoperational downstateof the subscriber-facingphysical
interface or the core-facing physical interface.
• The loss of adjacency between the neighbor and the ANCP agent.
• The issuance of the clear auto-configuration interfaces command to log out the VLAN
or the clear ancp access-loop command to force a subscriber reset.
• The receipt of a RADIUS-initiated disconnect message.
Any of these events also deactivates the subscriber session to prevent future service
activations and issues a RADIUS Accounting-Stopmessage for related services and for
the dynamic VLAN subscriber session. The dynamic profile is then de-instantiated to
remove first the dynamic VLAN logical interface and then the corresponding session
entry in the VLAN SDB.
You canmonitor the number of Layer 2 cross-connected subscriber sessions per port.
Use the show subscribers summary port extensive command to display the number of
subscribersperport by client type (VLAN-OOB)andconnection type (Corss-connected).
Additionally, the object ID jnxSubscriberPortL2CrossConnectCounter in the
jnxSubscriberPortCountTable in the JuniperNetworks enterprise-specificSubscriberMIB
Copyright © 2018, Juniper Networks, Inc.106
Broadband Subscriber ManagementWholesale Feature Guide
displays the number of Layer 2 cross-connected subscriber sessions on ports that have
active sessions.
Interactions Between In-Band and Out-of-Band VLANAutosensing
TheANCP-triggeredLayer 2wholesale implementationaccommodatesboth subscribers
wholesaled to a retailer and subscribers belonging to the wholesaler. Any subscriber
session detected on the access-facing physical interface can be one or the other. This
means thatanoverlapexistsbetween theouter tag range for theout-of-bandautosensed
VLANs and that for in-band, autosensed, stacked VLANs.
BothaPPPoEsessionandawholesaledsessionmightbeattempted for the sameaccess
loop. To avoid the undesirable load on the router and the RADIUS server that can ensue
when that happens, the order of session negotiation is determined by the order in which
packets (PPPoEPADIorANCPPortUpmessage)are received for thesameaccess-facing
physical interface and VLAN outer tag.
NOTE: Thefollowingsequencesassumethat the remove-when-no-subscribers
statement is included at the [edit interfaces interface-name auto-configure]
hierarchy level for the access-facing physical interface.
The following sequence of events occurs when a PPPoE PADI packet is received on an
in-band control channel before anANCPPort Upmessage is received on an out-of-band
control channel, for the same access loop:
1. ThePADI receipt triggers creationof adynamic stackedVLAN logical interface. PPPoE
and PPP negotiation are in progress.
2. TheANCPPort-Upmessage is received for theaccess loop.Because thecorresponding
in-band VLAN logical interface already exists for the same access-facing physical
interface and outer VLAN tag, the ANCP agent simply stores the ANCP access line
attributes and the name of the physical interface in the session database. The agent
takesnoother action for themessageas longas thePPPsession (PPP logical interface
and the underlying dynamic VLAN logical interface) is maintained.
3. PPP negotiation terminates due to authentication failure (RADIUS Access-Reject
response) or a normal logout,which triggers clean-upof thePPPsessionand removal
of the PPP logical interface.
4. Because the remove-when-no-subscribers statement is configured. deletion of the
PPP logical interface results in deletion of the dynamic stacked VLAN.
5. The next event depends on whether authorization of the ANCP Port Upmessage has
been attempted before.
107Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
• If authorization was not previously attempted:
a. A VLAN-OOB SDB session is created and authorization of the access-loop is
initiated.
b. All exceptioned PPPoE PADI packets received by in-band VLAN auto-sensing
are ignored until RADIUS responds to the authorization request.
c. The authorization result determines what happens next:
• If the authorization succeeds (RADIUS returns an Access-Accept message),
thenadynamic Layer 2wholesale logical interface is createdwithin the retailer
NSP’s routing-instance.
• If the authorization fails (RADIUS returns an Access-Reject message), then
theVLAN-OOBsession is cleanedup.Processing resumes for anyexceptioned
PPPoE PADI packets that are subsequently received by in-band VLAN
autosensing.
• If authorization was previously attempted, then no action is taken because the
failure of the PPP session negotiation is assumed to be a login failure outside the
Layer2 wholesale context. This behavior prevents unnecessary authorization in
response to the ANCP Port-Upmessage every time a PPPoE session terminates
and cleans up from a normal subscriber logout.
The following sequence of events occurs when an ANCP Port Upmessage is received
on an out-of-band control channel before a PPPoE PADI packet for an access loop is
received on an in-band control channel, both for the same access loop:
1. Receipt of the ANCP Port Upmessage triggers authorization of the access loop.
2. A PPPoE PADI packet is received. The packet is ignored because authorization is
already in progress for the sameaccess-facing physical interface and outer VLAN tag.
3. The authorization result determines what happens next:
• If authorizationsucceeds(RADIUSreturnsanAccess-Acceptmessage)—represented
by a VLAN-OOB session in the SDB—then dynamic creation of the VLAN logical
interface is initiated for a Layer 2 wholesale session. When the interface is created,
subsequentPPPoEPADIpacketsdetectedby in-bandVLANautosensingare ignored
and no longer exceptioned.
• If authorization fails (RADIUS returns an Access-Reject message), the VLAN-OOB
session is cleaned up.
a. Receipt of a subsequent PPPoE PADI packet initiates creation of a dynamic
stacked VLAN.
b. PPPoE and PPP negotiation takes place and events proceed as usual for a
conventional, dynamic autosensed VLAN.
Copyright © 2018, Juniper Networks, Inc.108
Broadband Subscriber ManagementWholesale Feature Guide
Migration of Subscriber Ownership fromWholesaler to Retailer
Thewholesaler-ownedsubscribersareconnectedbymeansofdynamicPPPoE interfaces
over dynamic VLANs. For each subscriber, the PPPoE sessionmust be disconnected and
the corresponding PPP logical interface deleted before ANCP Port Upmessages for the
sameunderlying physical interface andVLANouter tag can serve as out-of-band triggers
for dynamic VLAN autosensing.
One approach to migrating fromwholesale to retail ownership is to do the following:
1. Update theRADIUSserver database so that subscriber authentication for the relevant
access lines results in a RADIUS Access-Reject response. This causes subsequent
attempts to negotiate PPPoE for the access line to fail.
2. Initiate logout of the dynamic PPPoE sessions; for example, by issuing a
RADIUS-initiated disconnect. This triggers cleanup of the PPPoE logical interface and
associated services, which includes issuing RADIUS Accounting-Stopmessages for
the session and active services, as well as removing the dynamic PPPoE logical
interface.
If the migration requires swapping out the current CPE device for another, and the
PPPoE session is not otherwise gracefully logged out, then turning off the CPE results
in a PPP keepalive failure on the router and triggers session logout.
3. Remove the underlying dynamic VLAN logical interface. This occurs automatically
when the remove-when-no-subscribers statement is included at the [edit interfaces
interface-nameauto-configure]hierarchy level for theaccess-facingphysical interface.
Otherwise, issue the clear auto-configuration interfaces interface-name command to
remove the dynamic VLAN logical interface.
4. Trigger a Port Up notification to initiate dynamic VLAN detection, authorization, and
creation by one of the following methods:
• Power cycle the CPE, with a sufficient delay between turning off and turning back
on the device so that a Port Downmessage is sent followed by a Port Upmessage
and the router is given enough time to detect a keepalive failure indicating loss of
the session.
• Issue a clear ancp access-loop command.
• Issue a request ancp oam port-up command.
Migration of Subscriber Ownership fromRetailer toWholesaler
One approach to migrating from retail to wholesale ownership is to do the following:
1. Update the RADIUS server database so that dynamic VLAN authorization for the
relevant access lines results in a RADIUS Access-Reject response. Doing this causes
subsequent ANCP Port Upmessages to be ignored.
109Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
2. Initiate logoutof thedynamicVLANsessionssupporting thewholesaleaccessservice;
for example, by issuing a RADIUS-initiated disconnect. Doing this triggers cleanup of
thesession,which includes issuingRADIUSAccounting-Stopmessages for thesession,
removal of the dynamic VLAN logical interface and active services, and freeing the
allocated inner VLAN tag associated with the core-facing physical interface for
assignment to a different Layer 2 wholesale subscriber session.
If themigration requires swappingout the currentCPEdevice for another, then turning
off the CPE results in an ANCP Port Downmessage that triggers session logout and
cleanup.
3. Allowsubscribers to connect to thewholesaler’s network using conventional dynamic
VLANautosensing followedbyPPPoEandPPPnegotiationandcreationofPPP logical
interfaces.
Migration of Subscriber Ownership Between Retailers
Typically, youmigrate access between NSP retailers by triggering a restart of the existing
dynamic VLAN session. The restart initiates a logout from the session followed by
immediate dynamic VLAN detection, authorization, and creation within the
routing-instance corresponding to the newNSP. A restart is a logical Port Down and Port
Up sequence for the VLAN’s corresponding access loop. You can use any of the following
methods to restart a given dynamic VLAN logical interface:
• Initiate a RADIUS Disconnect-Request message or configure your RADIUS server to
send themessage. Themessagemust have the Acct-Terminate-Cause RADIUS
attribute (49) set to a value of 16 (callback). This cause is processed as a disconnect
(logout) followed immediately by a reconnect (login) only for dynamic VLANs created
byanANCPPortUpmessage.Other clients respond to this valuewithonlyadisconnect.
• Include the reconnectoptionwhenyou logout subscriberswith theclearnetwork-access
aaa subscriber command. You can specify subscribers by either the session identifier
or the username. This option attempts to reconnect a cleared session as a Layer 2
wholesale sessionwhen thesubscriber sessionhasbeen fully loggedout. Thisbehavior
is equivalent to issuing a RADIUS-initiated disconnect that is configured for reconnect;
that is, when themessage includesAcct-Terminate-Cause (RADIUSattribute 49)with
a value of callback (16).
• Trigger a Port Downmessage followed by a Port UPmessage by one of the following
methods:
• Power cycle the CPE, with a sufficient delay between turning off and turning back
on the device so that a Port Downmessage is sent followed by a Port Upmessage
and the router is given enough time to detect a keepalive failure indicating loss of
the session.
• Issue a clear ancp access-loop command.
Copyright © 2018, Juniper Networks, Inc.110
Broadband Subscriber ManagementWholesale Feature Guide
Modification of the Access Line Identifier or Port VLAN Identifier
When the line identifier or port VLAN identifier for an access loop ismodified, the access
node reports the change in a Port Upmessage to the ANCPagent. Themessage conveys
the line ID in the Access-Loop-Remote-ID TLV and the port VLAN ID in the
Access-Aggregation-Circuit-ID-Binary TLV.
Theaccessnodeshould sendaPortDownmessage for theaccess loopbefore itmodifies
anyof the identificationattributes for anexisting session. ThePortDownmessage triggers
clean up of the corresponding Layer 2 wholesale session. If the access node does not
sendaPortDown in this case, then the followingbehavior has the sameeffect as inserting
the Port Downmessage that the access node failed to send:
• For a line ID change, the ANCP agent treats the reconfiguration as a logical Port Down
message for theaccess line identifiedby thepreviousAccess-Loop-Remote-Id, followed
byaPortUpmessage for theaccess line identifiedby thenewAccess-Loop-Remote-Id.
• For a port VLAN ID change, the ANCP agent treats the reconfiguration as a logical Port
Downmessage for the access line identified by the previous
Access-Aggregation-Circuit-Id-Binary, followed by a Port Upmessage for the access
line identified by the new Access-Aggregation-Circuit-Id-Binary.
In either case, theANCPagentnotifies theautoconfigurationdaemon(autoconfd),which
takes the following actions:
1. Logs out the corresponding Layer 2 wholesale session.
2. Sends aRADIUSAccounting-Stopmessagewith the final statistics for the associated
service sessions and client session.
3. Removes the dynamic VLAN logical interface.
4. Attempts to reestablish the Layer 2 wholesale session bymeans of a login sequence,
including authentication, creation of the dynamic VLAN logical interface, activation
of any services, and if successful, sending RADIUS Accounting-Start messages for
the service and client sessions.
Youmustmanually log out any PPPoE session corresponding to the access line with the
previous identifiers, even if the access node sends the appropriate Port Downmessage
when the values change.
NOTE: In the case of a change in the port VLAN ID only, autoconfd takes noaction to reinitiate the session when a dynamic stacked VLAN or a Layer 2wholesale session existswith the sameaccess-facing physical interface andouter VLAN tag. Youmustmanually intervene in this case, such as by issuinga request ancp oam port-up command to initiate the creation of the Layer 2
wholesale session.
111Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
BEST PRACTICE: Because an existing session is not automatically loggedout, we recommend that the network operator disconnect the session—forexample, by issuing a RADIUS Disconnect-Request message—beforemodifying any of the access line attributes. Depending on subsequentsubscriber login and successful negotiation, a new session with the newidentifier may then be created as usual.
Disconnecting PPPoE Sessions and Automatically Attempting Reconnection as Layer 2Wholesale Sessions
You can use RADIUS-initiated disconnect messages to disconnect and log out existing
PPPoE sessions and attempt to reestablish them as Layer 2 wholesale sessions. Use
Access-Reject messages to prevent PPPoE subscriber access and attempt a reconnect
as a Layer 2wholesale session. Use this featurewhen youwant tomigrate sessions from
PPPoE to Layer 2 wholesale. Both the RADIUS-initiated disconnect and Access-Reject
messagemust include Acct-Terminate-Cause (RADIUS attribute 49) with a value of
callback (16); callback causes the reconnect attempt. The remove-when-no-subscribers
statement must be configured on the underlying physical interface.
1. The initial behavior for the messages is the following:
• Access-Rejectmessage—WhenaPPPoEPADI is received andanewPPPoE session
is requested, RADIUS responds to the Access-Request message with an
Access-Rejectmessage. The session is rejected, fully loggedout, and the underlying
dynamic VLAN logical interface is removed.
• RADIUS-initiated disconnect message—When a RADIUS-initiated disconnect
message is received for an existing PPPoE session, the dynamic PPPoE session is
logged out and the underlying dynamic VLAN logical interface is removed.
2. The next action is the same for both messages:
• If an ANCP Port Upmessage has been received for the corresponding access line,
the router attempts to authorize the access line and create a dynamic Layer 2
wholesale VLAN logical interface in place of the underlying dynamic VLAN logical
interface that was removed.
• If a Port Upmessage has not been received, then this action is deferred until the
message is received.
• If a PPPoE PADI is received before an ANCP Port Upmessage, RADIUS responds
to the Access-Request for a new PPPoE session with an Access-Reject message.
The session is rejected, fully logged out, and the underlying dynamic VLAN logical
interface is removed.
If theRADIUS-initiateddisconnectorAccess-Rejectmessage is received for anon-PPPoE
session, such as DHCP, the session is disconnected, but the reconnect request is ignored.
No attempt is made to establish a Layer 2 wholesale session.
If the RADIUS-initiated disconnect does not include Acct-Terminate-Cause with a value
of callback, PPPoE renegotiation after the disconnect can succeed, but if an ANCP Port
Copyright © 2018, Juniper Networks, Inc.112
Broadband Subscriber ManagementWholesale Feature Guide
Upmessage is received for the access line before a PPPoE session is established, then
a Layer 2 wholesale session is attempted.
Asanalternative to theRADIUS-initiateddisconnect, youcanmanually logout thePPPoE
session with the clear network-access aaa subscriber command. Specify the subscriber
by either username or session ID. When you include the reconnect option, it attempts to
reconnect thecleared sessionasaLayer 2wholesale sessionwhen the subscriber session
has been fully logged out.
Consequences of a State Transition in the Access-Facing Physical Interface
The followingbehavior resultswhen theaccess-facingphysical interface state transitions
from Up to Down:
• Conventional in-band VLAN autosensing stops for the interface.
• ANCP-sourced Port Upmessages for the interface are ignored. Action on new or
unprocessed Port Upmessages is deferred until the interface transitions to the Up
state. If the ANCP connection is in band with the subscriber traffic on the interface,
then all ANCP traffic stops; if the outage lasts long enough, the ANCP adjacency is
lost.
• All Layer 2 wholesale sessions that are assigned to the interface are treated as if the
ANCP agent received a Port Downmessage for the corresponding access line. Each
session is subject to being logged out.Whether a session is logged out depends on the
ANCPadjacency losshold timer. The timer starts runningwhen theANCPagentdetects
the state transition to Down. The subscriber continues using the original session if all
three of the following occur before the timer expires:
1. The physical interface comes back up.
2. The ANCP adjacency is restored.
3. A Port Upmessage is received on the interface.
Otherwise, autoconfd takes the following actions:
1. Logs out the session.
2. SendsaRADIUSAccounting-Stopmessagewith the final statistics for theassociated
service sessions and client session.
3. Removes the dynamic VLAN logical interface.
These sessions can be reestablished when the physical interface recovers, unless an
ANCP Port Downmessage is received.
• The autoconfiguration daemon does not automatically delete dynamic, autosensed
VLAN logical interfaces. The interfaces for the ANCP-triggered Layer 2 wholesale
VLANs are maintained because the assumption is that an outage is short-lived. If the
outage is not short-lived, then a subsequent Port Downmessage brings down the
session and removes the interface.
For conventional autosensed dynamic VLANs, the interface is removed only when the
remove-when-no-subscribers statement is configured on the access-facing physical
interface andall references to theVLAN logical interface fromahigher logical interface
113Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
or session are removed. Thismechanismdoes not apply to theANCP-triggered Layer 2
wholesale VLANs because they do not have upper session references.
The followingbehavior resultswhen theaccess-facingphysical interface state transitions
from Down to Up:
1. Conventional in-band VLAN autosensing resumes for the interface. PPPoE sessions
owned by the access provider that were logged out due to the transition from Up to
Down can renegotiate and undergo a full login sequence.
2. Appropriateactionsare taken forallANCPPortUpmessages for the interface, including
messages that were deferred because of the previous Down state for the interface.
If the ANCP connection is in band with the subscriber traffic, then all ANCP traffic
resumes.
3. Forwarding resumes for any dynamic, autosensed VLAN logical interfaces that were
not deleted when the interface went down.
Deletion of an access-facing physical interface triggers logout and removal of all upper
dynamic VLAN logical interfaces and their corresponding sessions.
Consequences of a State Transition fromUp to Down in the Core-Facing Physical Interface
The following behavior results when the core-facing physical interface state transitions
from Up to Down:
• The core-facing physical interface is no longer eligible for assigning new or pending
access lines in this routing instance as based on the original RADIUS authorization.
• All Layer 2 wholesale sessions that are assigned to the interface are treated as if the
ANCP agent received a Port Down/Port Upmessage sequence for the corresponding
access line. Each session is subject to being logged out. Whether a session is logged
out depends on the ANCP adjacency loss hold timer. The timer starts running when
the ANCP agent detects the state transition to Down. The subscriber continues using
the original session if all three of the following occur before the timer expires:
1. The physical interface comes back up.
2. The ANCP adjacency is restored.
3. A Port Upmessage is received on the interface.
Otherwise, autoconfd takes the following actions:
1. Logs out the session.
2. Removes the session entry from the SDB.
3. SendsaRADIUSAccounting-Stopmessagewith the final statistics for theassociated
service sessions and client session.
4. Removes the dynamic VLAN logical interface.
• Next, autoconfd attempts to migrate the sessions to available connections on any
remaining eligible core-facingphysical interfaces that are assigned to the same routing
instance:
Copyright © 2018, Juniper Networks, Inc.114
Broadband Subscriber ManagementWholesale Feature Guide
1. The original request is placed on a retry queue.
2. A login sequence is attempted for each session, including authentication, creation
of dynamic VLAN logical interfaces, activation of any services, and sending RADIUS
Accounting-Start messages for the service and client sessions.
• If the login sequence is successful, then the request is removed from the retry
queue.
• If the login fails, then the session is logged out, the session entry is removed from
the SDB, and the corresponding access line is set to a pending state.
When the available connections are all used—when there are nomore available VLAN
tags from the configured inner VLAN ID swap ranges—as a result of successful
reconnections, no attempt is made to connect any remaining Layer 2 wholesale
sessions. Although authentication can succeed, the creation of dynamic VLAN logical
interfaces fails during profile instantiation. In this case, the session is out, the session
entry is removed from the SDB, and the corresponding access line is set to a pending
state.
• The pending access lines that represent these non-migrated sessions can be
reestablished if the interface recovers or if additional VLAN connections become
available; for example, by a configuration change that either increases the inner VLAN
ID swap range for one or more remaining core-facing physical interfaces or adds new
core-facing physical interfaces. However, if the ANCP agent receives a Port Down
message for a pending access line, the corresponding session is not reestablished.
You can use the show auto-configuration out-of-band pending command to display a
count of pending access lines per routing instance.
NOTE:
In addition to core-facing physical interface state transitions fromUp toDown, these behaviors also apply in the following circumstances:
• A core-facing physical interface is deleted.
• More Layer 2 wholesale sessions are assigned to a routing instance thancan be accommodated by the inner VLAN ID swap range configured on theinterface assigned to the routing instance.
BEST PRACTICE: We recommend that you use aggregated Ethernet for thecore-facing physical interfaces to provide link protection, bandwidthaggregation, or both.
115Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Consequences of a State Transition fromDown to Up in the Core-Facing Physical Interface
The following behavior results when the core-facing physical interface state transitions
from Down to Up:
• The physical interface is now eligible to assign new Layer 2 wholesale subscriber
sessions.
• The ANCP agent notifies the autoconfiguration daemon (autoconfd), which attempts
to reestablish the Layer 2 wholesale sessions that correspond to pending access line
by initiating a conventional login sequence. This sequence includes authentication,
creation of dynamic VLAN logical interfaces, activation of any services, and sending
RADIUS Accounting-Start messages for the service and client sessions.
• Pending sessions continue to be reestablished until none are left or an error occurs,
typically due to exhaustion of inner VLAN tags from the swap ranges on the interface.
In the latter case, the sessions are logged out, the session entry is removed from the
SDB, and the access line is set to a pending state.
You can use the show auto-configuration out-of-band pending command to display a
count of pending access lines per routing instance.
These behaviors also occur in the following cases:
• Additional VLAN connection resources become available, by a configuration change
that either increases the inner VLAN ID swap range for one or more remaining
core-facing physical interfaces or adds new core-facing physical interfaces. The newly
added physical interface must be in the Up state to assume any Layer 2 wholesale
sessions.
• A RADIUS-initiated disconnect is received for an existing Layer 2 wholesale session
assigned to this routing instance is logged out (disconnect only). For a disconnectwith
a reconnectqualifier, theaffected session is givenpreference to reconnectover pending
access lines.
• You issue the request auto-configuration reconnect-pending, clear ancp access-loop,
or request ancp oam port-up command.
Loss of ANCP TCP Adjacency
The ANCP agent can lose its TCP adjacency with a neighbor in any of the following
circumstances:
• The access node renegotiates the connection; for example, as a result of losing
synchronization. The renegotiation triggers the local state to change from established
to not established. The state transitions back to established when the session is
successfully renegotiated.
• An end-of-file (EOF) message is received on the socket indicating the adjacency is
closed. This can result when the ANCP configuration is deleted on the access node.
• An adjacency keepalive failure occurs. When no response is received for three
consecutive polls, the adjacency is declared to be lost.
Copyright © 2018, Juniper Networks, Inc.116
Broadband Subscriber ManagementWholesale Feature Guide
The ANCP agent treats the loss of adjacency as if it has received a Port Downmessage
for each access loop represented by theANCP connection. The agent notifies autoconfd,
which takes the following actions:
• Logs out all Layer 2 wholesale sessions that were triggered by this ANCP connection.
• Sends a RADIUS Accounting-Stopmessage with the final statistics for the associated
service sessions and client session.
• Removes the dynamic VLAN logical interface.
If the assigned access-facing or core-facing physical interface is in the Down state, any
pending sessions that were triggered by this ANCP connection cannot be reestablished
when the interface recovers to the Up state.
Dynamic, conventionally auto-sensed VLAN logical interfaces, such as those supporting
PPPoE sessions, are not affected by the TCP adjacency loss.
If the adjacency is reestablished, the expected behavior is a complete replay of Port
Down and Port Upmessages for all associated configured access lines. The Layer 2
wholesale sessions for which the ANCP agent receives Port Upmessages are
reestablished.
You canmitigate the effects of short-term adjacency losses by configuring an adjacency
loss hold time. The timer startswhen adjacency is lost. Even though the adjacency is lost,
established sessions are maintained while the timer runs unless a Port Downmessage
is received for the corresponding access line.
Any access line that for which the ANCP agent has not received a Port Upmessage by
the time the timer expires is treated as though the agent has received a Port Down
message for the line. The ANCP Agent notifies autoconfd, which takes the following
actions:
• Logs out all Layer 2 wholesale sessions that correspond to the access line.
• Sends a RADIUS Accounting-Stopmessage with the final statistics for the associated
service sessions and client session.
• Removes the dynamic VLAN logical interface.
Port Upmessages received after the timer expires repopulate the SDB access line table
and reestablish the Layer 2 wholesale sessions
The adjacency loss hold timer serves the following purposes:
• Dampens the effect of adjacency loss of short duration thereby maintaining existing
Layer 2 wholesale sessions.
• Detects the removal of an access line configuration on the access node. For example,
in some circumstances youmay want to remove the configuration of an access line
onaneighbor. You first disconnect theANCPsessionbetweenaneighbor and theBNG,
remove the configuration on the neighbor, and then restore the ANCP connectionwith
the BNG. The neighbor does not issue a Port Downmessage. if the adjacency-loss
hold-timer is configured, the ANCP agent detects an access line for which it has not
117Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
receivedaPortUporPortDownmessage,andconsequently triggers logoutand removal
of the corresponding Layer 2-wholesale session.
NOTE: When youdeactivate theANCPprotocol, the router does not performa commit check to determine whether any ANCP or L2-BSA subscribers arepresent (active or inactive). Any subscribers that are active at the time ofdeactivation remain active.
Release History Table DescriptionRelease
Starting in Junos OS Release 16.1R4, you can configure the ANCP agent totrigger the creation of an autosensed VLANwhen the ANCP agent receives aPortUpmessagewhere theDSL-Line-StateattributehasavalueofShowtime.
16.1R4
RelatedDocumentation
Configuring Out-of-Band ANCPMessages to Trigger Dynamic VLAN Instantiation on
page 173
•
• Configuring the ANCP Agent for ANCP-Triggered, Autosensed Dynamic VLANs on
page 171
• Configuring the ANCP Agent
• ANCP and the ANCP Agent Overview
Junos OS Predefined Variables
Junos OS containsmany predefined variables. The dynamic profile obtains and replaces
values for these variables from an incoming client data packet and configuration (local
and RADIUS). These variables are predefined—you use them in the body of a dynamic
profile without first having to define the variables at the [dynamic-profiles profile-name
variables] hierarchy level. Table 9 on page 118 provides a list of predefined variables, their
descriptions, and where in the Junos OS hierarchy you can configure them.
Table 9: Junos OS Predefined Variables and Definitions
DefinitionVariable
Access and Access-Internal Routes
Costmetricofan IPv4access route.Youspecifythis variable at the [edit dynamic-profilesprofile-name routing-options access routeaddress] hierarchy level for themetricstatement.
$junos-framed-route-cost
Distance of an IPv4 access route. You specifythis variable at the [edit dynamic-profilesprofile-name routing-options access routeaddress] hierarchy level for the preferencestatement.
$junos-framed-route-distance
Copyright © 2018, Juniper Networks, Inc.118
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Route prefix of an IPv4 access route. Youspecify this variableat the [editdynamic-profilesprofile-name routing-options access] hierarchylevel for the route statement.
$junos-framed-route-ip-address-prefix
Route prefix of an IPv6 access route. Youspecify this variableat the [editdynamic-profilesprofile-name routing-options access] hierarchylevel for the route statement.
$junos-framed-route-ipv6-address-prefix
Costmetricofan IPv6access route.Youspecifythis variable with themetric statement at the[edit dynamic-profiles profile-namerouting-instances $junos-routing-instancerouting-options rib $junos-ipv6-rib access route$junos-framed-route-ipv6-address-prefix]hierarchy level.
$junos-framed-route-ipv6-cost
Distance of an IPv6 access route. You specifythis variable with the preference statement atthe [edit dynamic-profiles profile-namerouting-instances $junos-routing-instancerouting-options rib $junos-ipv6-rib access route$junos-framed-route-ipv6-address-prefix]hierarchy level.
$junos-framed-route-ipv6-distance
IPv6 next-hop address of an access route. Youspecify this variableat the [editdynamic-profilesprofile-name routing-options access routeaddress] hierarchy level for the next-hopstatement.
$junos-framed-route-ipv6-nexthop
Tag value of an IPv6 access route. You specifythis variablewith the tag statement at the [editdynamic-profilesprofile-name routing-instances$junos-routing-instance routing-options rib$junos-ipv6-rib access route$junos-framed-route-ipv6-address-prefix]hierarchy level.
$junos-framed-route-ipv6-tag
IPv4 next-hop address of an access route. Youspecify this variableat the [editdynamic-profilesprofile-name routing-options access routeaddress] hierarchy level for the next-hopstatement.
$junos-framed-route-nexthop
Tag value of an IPv4 access route. You specifythis variable at the [edit dynamic-profilesprofile-name routing-options access routeaddress] hierarchy level for the tag statement.
$junos-framed-route-tag
119Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Logical interface of an access-internal route.DHCP or PPP supplies this information whenthe subscriber logs in. You specify this variableat the [edit dynamic-profiles profile-namerouting-options access-internal route address]hierarchy level for the qualified-next-hopstatement.
This variable is also used for creating dynamicIP demux interfaces.
$junos-interface-name
Routing table for an IPv6 access route. Youspecify this variable with the rib statement atthe [edit dynamic-profiles profile-namerouting-instances $junos-routing-instancerouting-options] hierarchy level.
Youcanuse this variable to specifyanondefaultrouting instance for the route.
$junos-ipv6-rib
IP address of a subscriber identified in anaccess-internal route. You specify this variableat the [edit dynamic-profiles profile-namerouting-options access-internal] hierarchy levelfor the route statement.
This variable is also used for creating dynamicIP demux interfaces.
$junos-subscriber-ip-address
MAC address for a subscriber identified in anaccess-internal route. You specify this variableat the [edit dynamic-profiles profile-namerouting-options access-internal route addressqualified-nexthopunderlying-interface]hierarchylevel for themac-address statement.
$junos-subscriber-mac-address
Dynamic Protocols
Specifies the access list to use for the source(S) filter.
$junos-igmp-access-group-name
Specifies the access list to use for thesource-group (S,G) filter.
$junos-igmp-access-source-group-name
Ensures that IGMP is not disabled on theinterface by an AAA-based authentication andmanagement method (for example, RADIUS).Youspecify this variableat the[dynamic-profilesprofile-name protocols igmp] hierarchy level forthe interface statement.
$junos-igmp-enable
Copyright © 2018, Juniper Networks, Inc.120
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Enables IGMP immediate leaveon the interface.Youspecify this variableat the[dynamic-profilesprofile-name protocols igmp] hierarchy level forthe interface statement.
$junos-igmp-immediate-leave
IGMP version configured in a client accessprofile. Junos OS obtains this information fromthe RADIUS server when a subscriber accessesthe router. The version is applied to theaccessing subscriber when the profile isinstantiated. You specify this variable at the[dynamic-profiles profile-name protocols igmp]hierarchy level for the interface statement.
$junos-igmp-version
Name of the dynamic interface to which thesubscriber access client connects. Its use is indynamically enabling IGMP on the subscriberinterface. You specify this variable at the[dynamic-profiles profile-name protocols igmp]hierarchy level for the interface statement.
The interface name is derived fromconcatenating the $junos-interface-ifd-nameand the $junos-underlying-interface-unitvariablesobtainedwhenasubscriber is createddynamically at the [dynamic-profilesprofile-name interfaces] hierarchy level.
$junos-interface-name
Prefix value for the router advertisementinterface. Junos OS obtains this informationfrom the RADIUS server when a subscriberaccesses the router. The prefix value is appliedto the accessing subscriber when the profile isinstantiated. You specify this variable at the[dynamic-profiles profile-name protocolsrouter-advertisement interface$junos-interface-name] hierarchy level.
$junos-ipv6-ndra-prefix
Specifies theaccess list touse for thegroup(G)filter.
$junos-mld-access-group-name
Specifies the access list to use for thesource-group (S,G) filter.
$junos-mld-access-source-group-name
Ensures that MLD is not disabled on theinterface by an AAA-based authentication andmanagement method (for example, RADIUS).Youspecify this variableat the[dynamic-profilesprofile-name protocolsmld] hierarchy level forthe interface statement.
$junos-mld-enable
121Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
EnablesMLD immediate leave on the interface.Youspecify this variableat the[dynamic-profilesprofile-name protocolsmld] hierarchy level forthe interface statement.
$junos-mld-immediate-leave
MLDversionconfigured inaclientaccessprofile.Junos OS obtains this information from theRADIUS server when a subscriber accesses therouter. The version is applied to the accessingsubscriber when the profile is instantiated. Youspecify this variable at the [dynamic-profilesprofile-name protocolsmld] hierarchy level forthe interface statement.
$junos-mld-version
Dynamic CoS—Traffic-Control Profile Parameters
Minimum adjusted shaping rate configured ina traffic-control profile in a dynamic profile.Junos OS obtains this information from theRADIUSserverwhenasubscriberauthenticatesover the static or dynamic subscriber interfaceto which the dynamic profile is attached.
You reference this variable in theadjust-minimum statement at the [editdynamic-profiles profile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-adjust-minimum
Byte adjustment value configured in atraffic-control profile in adynamicprofile. JunosOS obtains this information from the RADIUSserverwhenasubscriber authenticatesover thestatic or dynamic subscriber interface to whichthe dynamic profile is attached.
You reference this variable in the bytes optionwith the overhead-accounting statement at the[edit dynamic-profiles profile-nameclass-of-service traffic-control-profilesprofile-name] hierarchy level.
$junos-cos-byte-adjust
Overhead bytes when downstreamATM trafficis in cell-mode.
NOTE: Do not configure the$junos-cos-byte-adjust-cell variable when the$junos-cos-byte-adjust variable is configured.
$junos-cos-byte-adjust-cell
Copyright © 2018, Juniper Networks, Inc.122
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Overhead bytes when downstreamATM trafficis in frame-mode.
NOTE: Do not configure the$junos-cos-byte-adjust-frame variable whenthe $junos-cos-byte-adjust variable isconfigured.
$junos-cos-byte-adjust-frame
Delay-buffer rate configured in a traffic-controlprofile in a dynamic profile. Junos OS obtainsthis information from the RADIUS server whena subscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in thedelay-buffer-rate statement at the [editdynamic-profiles profile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-delay-buffer-rate
Excess rate configured ina traffic-control profilein a dynamic profile. Junos OS obtains thisinformation from the RADIUS server when asubscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the excess-ratestatement at the [edit dynamic-profilesprofile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-excess-rate
Rate configured for excess high-priority trafficin a traffic-control profile in a dynamic profile.Junos OS obtains this information from theRADIUSserverwhenasubscriberauthenticatesover the static or dynamic subscriber interfaceto which the dynamic profile is attached.
You reference this variable in theexcess-rate-high statement at the [editdynamic-profiles profile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-excess-rate-high
123Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Rate configured for excesslow-priority traffic ina traffic-control profile in a dynamic profile forsubscriber access. Junos OS obtains thisinformation from the RADIUS server when asubscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in theexcess-rate-low statement at the [editdynamic-profiles profile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-excess-rate-low
Guaranteed rate configured in a traffic-controlprofile in a dynamic profile Junos OS obtainsthis information from the RADIUS server whena subscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in theguaranteed-rate statement at the [editdynamic-profiles profile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-guaranteed-rate
Burst size for the guaranteed rate that isconfigured in a traffic-control profile in adynamic profile. Junos OS obtains thisinformation from the RADIUS server when asubscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable with the burst-sizeoption in the guaranteed-rate statement at the[edit dynamic-profiles profile-nameclass-of-service traffic-control-profilesprofile-name] hierarchy level.
$junos-cos-guaranteed-rate-burst
Copyright © 2018, Juniper Networks, Inc.124
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Scheduler-map name configured in atraffic-control profile in adynamicprofile. JunosOS obtains this information from the RADIUSserverwhenasubscriber authenticatesover thestatic or dynamic subscriber interface to whichthe dynamic profile is attached.
You reference this variable in the scheduler-mapstatement at the [edit dynamic-profilesprofile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
NOTE: The scheduler map can be defineddynamically (at the [edit dynamic-profilesprofile-name class-of-service scheduler-maps]hierarchy level) or statically (at the [editclass-of-service scheduler-maps] hierarchylevel).
$junos-cos-scheduler-map
Shaping mode configured in a traffic-controlprofile in a dynamic profile. Junos OS obtainsthis information from the RADIUS server whena subscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in theoverhead-accounting statement at the [editdynamic-profiles profile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-shaping-mode
Shaping rate configured in a traffic-controlprofile in a dynamic profile. Junos OS obtainsthis information from the RADIUS server whena subscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the shaping-ratestatement at the [edit dynamic-profilesprofile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-shaping-rate
125Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Burst size for the shaping rate configured in atraffic-control profile in adynamicprofile. JunosOS obtains this information from the RADIUSserverwhenasubscriber authenticatesover thestatic or dynamic subscriber interface to whichthe dynamic profile is attached.
You reference this variable with the burst-sizeoption in the shaping-rate statementat the [editdynamic-profiles profile-name class-of-servicetraffic-control-profiles profile-name] hierarchylevel.
$junos-cos-shaping-rate-burst
Shaping rate configured for excesshigh-prioritytraffic in a traffic-control profile for a dynamicinterface set or dynamic ACI interface set at ahousehold level. Specifying this variable in atraffic-control profile for a dynamic subscriberinterface is prohibited.
$junos-cos-shaping-rate-excess-high
Shaping rate burst size configured for excesshigh-priority traffic in a traffic-control profile fora dynamic interface set or dynamic ACIinterface set at a household level. Specifyingthis variable in a traffic-control profile for adynamic subscriber interface is prohibited.
$junos-cos-shaping-rate-excess-high-burst
Shaping rate configured for excess low-prioritytraffic in a traffic-control profile for a dynamicinterface set or dynamic ACI interface set at ahousehold level. Specifying this variable in atraffic-control profile for a dynamic subscriberinterface is prohibited.
$junos-cos-shaping-rate-excess-low
Shaping rate burst size configured for excesslow-priority traffic in a traffic-control profile fora dynamic interface set or dynamic ACIinterface set at a household level. Specifyingthis variable in a traffic-control profile for adynamic subscriber interface is prohibited.
$junos-cos-shaping-rate-excess-low-burst
Shaping rate configured for high-priority trafficin a traffic-control profile for a dynamicinterface set or dynamic ACI interface set at ahousehold level. Specifying this variable in atraffic-control profile for a dynamic subscriberinterface is prohibited.
$junos-cos-shaping-rate-priority-high
Shaping rate burst size configured forhigh-priority traffic in a traffic-control profile fora dynamic interface set or dynamic ACIinterface set at a household level. Specifyingthis variable in a traffic-control profile for adynamic subscriber interface is prohibited.
$junos-cos-shaping-rate-priority-high-burst
Copyright © 2018, Juniper Networks, Inc.126
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Shaping rate configured for low-priority trafficin a traffic-control profile for a dynamicinterface set or dynamic ACI interface set at ahousehold level. Specifying this variable in atraffic-control profile for a dynamic subscriberinterface is prohibited.
$junos-cos-shaping-rate-priority-low
Shaping rate burst size configured forlow-priority traffic in a traffic-control profile fora dynamic interface set or dynamic ACIinterface set at a household level. Specifyingthis variable in a traffic-control profile for adynamic subscriber interface is prohibited.
$junos-cos-shaping-rate-priority-low-burst
Shaping rate configured for medium-prioritytraffic in a traffic-control profile for a dynamicinterface set or dynamic ACI interface set at ahousehold level. Specifying this variable in atraffic-control profile for a dynamic subscriberinterface is prohibited.
$junos-cos-shaping-rate-priority-medium
Shaping rate burst size configured formedium-priority traffic ina traffic-controlprofilefor a dynamic interface set or dynamic ACIinterface set at a household level. Specifyingthis variable in a traffic-control profile for adynamic subscriber interface is prohibited.
$junos-cos-shaping-rate-priority-medium-burst
Traffic-control profile configured in a dynamicprofile for subscriber access. The Junos OSobtains theprofile information fromtheRADIUSserverwhenasubscriber authenticatesover thestatic or dynamic subscriber interface to whichthe dynamic profile is attached.
You reference this variable in thetraffic-control-profiles statement at the [editdynamic-profiles profile-name class-of-service]hierarchy level.
$junos-cos-traffic-control-profile
Dynamic CoS—Scheduler Parameters
Name of a scheduler configured in a dynamicprofile. Junos OS obtains this information fromthe RADIUS server when a subscriberauthenticates over the static or dynamicsubscriber interface to which the dynamicprofile is attached.
You reference this variable at the [editdynamic-profiles profile-name class-of-serviceschedulers] hierarchy level.
$junos-cos-scheduler
127Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Buffer size as a percentage of total buffer,specified for a scheduler configured in adynamic profile. Junos OS obtains thisinformation from the RADIUS server when asubscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the buffer-sizestatement with the percent option at the [editdynamic-profiles profile-name class-of-serviceschedulers scheduler-name] hierarchy level.
$junos-cos-scheduler-bs
Packet-scheduling priority value specified fora scheduler configured in a dynamic profile.Junos OS obtains this information from theRADIUSserverwhenasubscriberauthenticatesover the static or dynamic subscriber interfaceto which the dynamic profile is attached.
You reference this variable in the prioritystatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name] hierarchy level.
$junos-cos-scheduler-pri
Name of the drop profile for random earlydetection (RED) for loss-priority level anyspecified for a scheduler configured in adynamic profile. Junos OS obtains thisinformation from the RADIUS server when asubscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the drop-profilestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name drop-profile-map loss-priorityany protocol any] hierarchy level.
NOTE: The drop profile must be configuredstatically (at the [edit class-of-servicedrop-profiles] hierarchy level).
$junos-cos-scheduler-dropfile-any
Copyright © 2018, Juniper Networks, Inc.128
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Name of the drop profile for random earlydetection (RED) for loss-priority level highspecified for a scheduler configured in adynamic profile. Junos OS obtains thisinformation from the RADIUS server when asubscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the drop-profilestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name drop-profile-map loss-priorityhigh protocol any] hierarchy level.
NOTE: The drop profile must be configuredstatically (at the [edit class-of-servicedrop-profiles] hierarchy level).
$junos-cos-scheduler-dropfile-high
Name of the drop profile for random earlydetection (RED) for loss-priority level lowspecified for a scheduler configured in adynamic profile. Junos OS obtains thisinformation from the RADIUS server when asubscriber authenticates over the static ordynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the drop-profilestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name drop-profile-map loss-prioritylow protocol any] hierarchy level.
NOTE: The drop profile must be configuredstatically (at the [edit class-of-servicedrop-profiles] hierarchy level) for loss-prioritylow.
$junos-cos-scheduler-dropfile-low
129Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Name of the drop profile for random earlydetection (RED) for loss-priority levelmedium-high specified for a schedulerconfigured in a dynamic profile. Junos OSobtains this information fromtheRADIUSserverwhenasubscriber authenticatesover the staticor dynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the drop-profilestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name drop-profile-map loss-prioritymedium-high protocol any] hierarchy level.
NOTE: The drop profile must be configuredstatically (at the [edit class-of-servicedrop-profiles] hierarchy level).
$junos-cos-scheduler-dropfile-medium-high
Name of the drop profile for random earlydetection (RED) for loss-priority levelmedium-low specified for a schedulerconfigured in a dynamic profile. Junos OSobtains this information fromtheRADIUSserverwhenasubscriber authenticatesover the staticor dynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the drop-profilestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name drop-profile-map loss-prioritymedium-low protocol any] hierarchy level.
NOTE: The drop profile must be configuredstatically (at the [edit class-of-servicedrop-profiles] hierarchy level).
$junos-cos-scheduler-dropfile-medium-low
Priority value of the excess rate specified for ascheduler configured inadynamicprofile. JunosOS obtains this information from the RADIUSserverwhenasubscriber authenticatesover thestatic or dynamic subscriber interface to whichthe dynamic profile is attached.
You reference this variable in the excess-prioritystatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name] hierarchy level.
$junos-cos-scheduler-excess-priority
Copyright © 2018, Juniper Networks, Inc.130
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Value of the excess rate specified for ascheduler configured inadynamicprofile. JunosOS obtains this information from the RADIUSserverwhenasubscriber authenticatesover thestatic or dynamic subscriber interface to whichthe dynamic profile is attached.
You reference this variable in the excess-ratestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name] hierarchy level.
$junos-cos-scheduler-excess-rate
Value of the shaping rate specified for ascheduler configured inadynamicprofile. JunosOS obtains this information from the RADIUSserverwhenasubscriber authenticatesover thestatic or dynamic subscriber interface to whichthe dynamic profile is attached.
You reference this variable in the shaping-ratestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name] hierarchy level.
$junos-cos-scheduler-shaping-rate
Transmit rate specified for a schedulerconfigured in a dynamic profile. Junos OSobtains this information fromtheRADIUSserverwhenasubscriber authenticatesover the staticor dynamic subscriber interface to which thedynamic profile is attached.
You reference this variable in the transmit-ratestatement at the [edit dynamic-profilesprofile-name class-of-service schedulersscheduler-name] hierarchy level.
$junos-cos-scheduler-tx
Dynamic Connectivity Fault Management Parameters
Name of the action profile configured in adynamic profile.
$junos-action-profile
Continuity check interval time configured in adynamic profile.
$junos-ccm-interval
The number of continuity checkmessages lostbefore marking the remote MEP as down,configured in a dynamic profile.
$junos-loss-threshold
Name of the maintenance association nameformat configured in a dynamic profile.
$junos-ma-name-format
Name of the maintenance domain formatconfigured in a dynamic profile.
$junos-md-name-format
131Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Name of the maintenance associationconfigured in a dynamic profile.
$junos-ma-name
Value of ’Level’, configured in a dynamic profile.$junos-md-level
Name of the maintenance domain configuredin a dynamic profile.
$junos-md-name
The ’MEP’ value configured in the dynamicprofile.
$junos-mep-id
The ’Remote MEP’ value configured in thedynamic profile.
$junos-remote-mep-id
Filters — RADIUS-obtained Policies
Name of an input filter to be attached; filtername is derived from RADIUS VSA 26-10(Ingress-Policy-Name) or RADIUS attribute 11(Filter-ID) to the interface.
$junos-input-filter
Name of an input filter to be attached to afamily any interface; filter name is derived fromRADIUS VSA 26-191 (Input-Interface-Filter) tothe interface.
You can also specify the filter name with the$junos-input-interface-filter statement at the[edit dynamic-profiles profile-name interfacesinterface-nameunit logical-interface-number filterinput] hierarchy level.
$junos-input-interface-filter
Nameofan IPv6 input filter tobeattached; filtername is derived from RADIUS VSA 26-106(IPv6-Ingress-Policy-Name) to the interface.
$junos-input-ipv6-filter
Name of an output filter to be attached; filtername is derived from RADIUS VSA 26-11(Egress-Policy-Name) to the interface.
$junos-output-filter
Name of an output filter to be attached to afamily any interface; filter name is derived fromRADIUS VSA 26-191 (Output-Interface-Filter)to the interface.
You can also specify the filter name with the$junos-output-interface-filter statement at the[edit dynamic-profiles profile-name interfacesinterface-nameunit logical-interface-number filteroutput] hierarchy level.
$junos-output-interface-filter
Copyright © 2018, Juniper Networks, Inc.132
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Name of an IPv6 output filter to be attached;filter name is derived fromRADIUSVSA 26-107(IPv6-Egress-Policy-Name) to the interface.
$junos-output-ipv6-filter
Services
Starting in JunosOSRelease 17.2R1, name of anIPv6 input service filter to be attached. Thefilter name isderived fromRADIUS-VSA26-202(IPv6 input service filter) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet6 service input service-set service-set-nameservice-filter] hierarchy level.
$junos-input-ipv6-service-filter
Starting in JunosOSRelease 17.2R1, name of anIPv6 service set to be attached. The service setname is derived from RADIUS-VSA 26-200(IPv6 input service set) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet6 service input service-set] hierarchy level.
$junos-input-ipv6-service-set
Starting in JunosOSRelease 17.2R1, name of anIPv4 input service filter tobeattached. The filtername is derived from RADIUS-VSA 26-198(IPv4 input service filter) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet service input service-set service-set-nameservice-filter] hierarchy level.
$junos-input-service-filter
Starting in JunosOSRelease 17.2R1, name of anIPv4 input service set to be attached. Theservice set name is derived from RADIUS-VSA26-196 (IPv4 input service set) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet service input service-set] hierarchy level.
$junos-input-service-set
133Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Starting in JunosOSRelease 17.2R1, name of anIPv6 service filter to be attached. The filtername is derived from RADIUS-VSA 26-203(IPv6 output service filter) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet6serviceoutputservice-setservice-set-nameservice-filter] hierarchy level.
$junos-output-ipv6-service-filter
Starting in JunosOSRelease 17.2R1, name of anIPv6 service set to to be attached. The serviceset name is derived from RADIUS-VSA 26-201(IPv6 output service set ) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet6 service output service-set] hierarchy level.
$junos-output-ipv6-service-set
Starting in JunosOSRelease 17.2R1, name of anIPv4 service filter to be attached. The filtername is derived from RADIUS-VSA 26-199(IPv4 output service filter) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet service output service-set service-set-nameservice-filter] hierarchy level.
$junos-output-service-filter
Starting in JunosOSRelease 17.2R1, name of anIPv4 output service set to be attached. Theservice set name is derived from RADIUS-VSA26-197 (IPv4 output service set ) to theinterface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number familyinet service output service-set] hierarchy level.
$junos-output-service-set
Starting in Junos OS Release 17.2R1, name of aPCEF profile to be attached. The profile nameis derived from RADIUS-VSA 26-204 (PCEFprofile) to the interface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number service]hierarchy level.
$junos-pcef-profile
Copyright © 2018, Juniper Networks, Inc.134
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Starting in Junos OS Release 17.2R1, name of aPCC rule to activate. The rule name is derivedfrom RADIUS-VSA 26-205 (PCEF rule) to theinterface.
You specify this variable at the [editdynamic-profile profile-name interfacesinterface-name unit logical-unit-number servicepcef pcef-profile-name activate] hierarchy level.
$junos-pcef-rule
Subscriber Interfaces—Dynamic Demux Interfaces
Name of the device to which the subscriberaccess client connects. All interfaces arecreated on this device. Its primary use is increating single or multiple subscribers on astatically created interface. You specify thisvariable at the [dynamic-profiles profile-nameinterfaces] hierarchy level.
When creating a logical underlying interface fora dynamic VLAN demux interface, youmustalso specify this variable at the[dynamic-profiles profile-name interfacesdemux0unit$junos-interface-unitdemux-optionsunderlying-interface] hierarchy level.
$junos-interface-ifd-name
Creates a unit number assigned to the logicalinterface. The router supplies this informationwhen the subscriber accesses thenetwork. Youspecify this variable at the [dynamic-profilesprofile-name interfaces interface-name]hierarchylevel for the unit statement.
$junos-interface-unit
Selects the IPv6 address of the interface thesubscriber uses. You specify this variable at the[edit dynamic-profiles profile-name interfacesinterface-name unit logical-unit-number familyfamily], [edit dynamic-profiles profile-nameinterfacesdemux0unit logical-unit-number familyfamily], [edit dynamic-profiles profile-nameinterfacespp0unit “$junos-interface-unit” familyfamily], and [edit logical-systemslogical-system-name interfaces interface-nameunit logical-unit-number family family] hierarchylevel for the address statement.
$junos-ipv6-address
Selects the loopback interface the subscriberuses. You specify this variable at the [dynamicprofiles profile-name interfaces demux0 unit"$junos-interface-unit" family inet] hierarchylevel for the unnumbered-address statement.
$junos-loopback-interface
135Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Selects the preferred IPv4 source address(family inet) associated with the loopbackaddress used for the subscriber. You specifythis variable at the [dynamic profilesprofile-name interfaces demux0 unit"$junos-interface-unit" family inetunnumbered-address“$junos-loopback-interface”] hierarchy level forthe preferred-source-address statement.
NOTE: Starting in Junos OS Release 16.1, whenyou specify a static logical interface for theunnumbered interface in a dynamic profile thatincludes the$junos-routing-instancepredefinedvariable, youmust not configure an IPv4preferred source address. This constraintapplies whether you use the$junos-preferred-source-address predefinedvariable or the preferred-source-addressstatement. Configuring the preferred sourceaddress in this circumstance causes a commitfailure.
$junos-preferred-source-address
Selects the preferred IPv6 source address(family inet6) associated with the loopbackaddress used for the subscriber. You specifythis variable at the [dynamic profilesprofile-name interfaces demux0 unit"$junos-interface-unit" family inet6unnumbered-address“$junos-loopback-interface”] hierarchy level forthe preferred-source-address statement.
NOTE: Starting in Junos OS Release 16.1, whenyou specify a static logical interface for theunnumbered interface in a dynamic profile thatincludes the$junos-routing-instancepredefinedvariable, youmust not configure an IPv6preferred source address. This constraintapplies whether you use the$junos-preferred-source-ipv6-addresspredefined variable or thepreferred-source-addressstatement.Configuringthe preferred source address in thiscircumstance causes a commit failure.
$junos-preferred-source-ipv6-address
IP address of the subscriber. You specify thisvariable at the [dynamic-profiles profile-nameinterfacesdemux0unit family inetdemux-source]hierarchy level.
This variable is also used for creatingaccess-internal routes.
$junos-subscriber-ip-address
Copyright © 2018, Juniper Networks, Inc.136
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
IPv6 address for subscriber. You specify thisvariable at the [dynamic-profiles profile-nameinterfaces interface-nameunit logical-unit-numberfamily inet6 demux-source] hierarchy level.
$junos-subscriber-ipv6-address
Expands the demux-source into multipleaddresses; for example, the IPv6prefixand/128address for the subscriber.
You specify this variable at the[dynamic-profiles profile-name interfacesinterface-name unit logical-unit-number familyinet6 demux-source] hierarchy level.
$junos-subscriber-ipv6-multi-address
Creates a logical underlying interface for adynamic IP demux interface. The client logs inon this interface. You specify this variable at the[dynamic profiles profile-name interfacesdemux0 unit "$junos-interface-unit"demux-options] hierarchy level for theunderlying-interface statement.
When configured, the underlying interface isused to determine the$junos-underlying-interface,$junos-underlying-interface-unit, and$junos-ifd-name variables. For example, if thereceiving logical interface is ge-0/0/0.1, the$junos-underlying-interface variable is set toge-0/0/0 and the$junos-underlying-interface-unit variable is setto 1.
This variable is also used for creatingaccess-internal routes.
$junos-underlying-interface
Subscriber Interfaces— Static VLAN Interfaces
Name of the device to which the subscriberaccess client connects. All interfaces arecreated on this device. Its primary use is increating single or multiple subscribers on astatically created interface. You specify thisvariable at the [dynamic-profiles profile-nameinterfaces] hierarchy level.
$junos-interface-ifd-name
Obtains the unit number for the underlyinginterface. It specifies the use of the underlyinginterface for the subscriber. You specify thisvariable at the [dynamic-profiles profile-nameinterfaces $junos-interface-ifd-name] hierarchylevel for the unit statement.
$junos-underlying-interface-unit
137Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Subscriber Interfaces—Dynamic PPPoE Interfaces
Specifies the logical unit number when therouter dynamically creates a PPPoE logicalinterface. The $junos-interface-unit predefinedvariable is dynamically replaced with the unitnumber supplied by the network when thePPPoE subscriber logs in. You specify thisvariable at the [edit dynamic-profilesprofile-name interfaces pp0] hierarchy level forthe unit statement.
$junos-interface-unit
Specifies the name of the underlying Ethernetinterface on which the router dynamicallycreates the PPPoE logical interface. The$junos-underlying-interfacepredefinedvariableis dynamically replaced with the name of theunderlying interface supplied by the networkwhen the PPPoE subscriber logs in. You specifythis variable at the [edit dynamic-profilesprofile-name interfaces pp0 unit“$junos-interface-unit”pppoe-options]hierarchylevel for the underlying-interface statement.
$junos-underlying-interface
Subscriber Interfaces—Dynamic Interface Sets
Name of an interface set configured in adynamic profile. To represent the name of adynamically created agent circuit identifier(ACI) interface set, use the$junos-interface-set-name predefined variablein the interface-set statement at the [editdynamic-profiles profile-name interfaces]hierarchy level.
$junos-interface-set-name
Copyright © 2018, Juniper Networks, Inc.138
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Name of an interface set associated with theunderlying physical interface in a dynamicprofile.
In a heterogeneous topology where residentialand business subscribers share the samephysical interface, although only two levels ofCoSare required for residential access, businessaccess requires three levels. Because they sharethe same physical interface, three levels areconfigured for both, causing an unnecessarylevel 2node tobeconsumedforeach residentialconnection.
Starting in Junos OS Release 16.1, you canreduce theCoSresourceswastedon residentialaccess by collecting the residential subscribersinto an interface set associated with thephysical interface. In this way, a level 2 node isused for the interface set rather than for eachresidential interface. To do so, specify the$junos-phy-ifd-interface-set-name predefinedvariablewith the interface-set statement at the[edit dynamic-profiles profile-name interfaces]hierarchy level to create the interface set basedon the underlying physical interface.
$junos-phy-ifd-interface-set-name
Locally generated interface set name used toassociate individual customer circuits in apassive optical network (PON) to deliver CoSand other services to the set of interfaces.
The name is extracted from the DHCPv4(Option 82, suboption 2) or DHCPv6 (Option37)agent remote IDstring insertedbyanopticalline terminal (OLT) in a PON. The OLTmustformat the agent remote ID string with a pipesymbol (|) as thedelimiter between substrings.The substring extracted for the interface setname consists of the characters following thelast delimiter in the agent remote ID string.
The extracted substring identifies individualcustomer circuits. You determine the formatand contents of the substring, and configureyour OLT to insert the information. Typically,the substring may include the name and portof theOLTaccessedby theCPEoptical networkterminal (ONT).
$junos-pon-id-interface-set-name
Locally generated interface set name for useby dual-tagged VLAN interfaces based on theouter tag of the dual-tagged VLAN. The formatof the generated variable isphysical_interface_name - outer_VLAN_tag.
$junos-svlan-interface-set-name
139Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Wholesale Networking
Name of the dynamic interface to which thesubscriber access client connects. Its use is inidentifying the subscriber interface. You specifythis variable at the [dynamic-profilesprofile-name routing-instance$junos-routing-instance] hierarchy level for theinterface statement.
The interface name is derived fromconcatenating the $junos-interface-ifd-nameand the $junos-underlying-interface-unitvariablesobtainedwhenasubscriber is createddynamically at the [dynamic-profilesprofile-name routing-instance$junos-routing-instance interface]hierarchy level.
$junos-interface-name
Name of the routing instance to which thesubscriber is assigned. This variable triggers areturn value from the RADIUS server forVirtual-Router (VSA 26-1).
You reference this variable in the statement atthe [dynamic-profiles profile-name] hierarchylevel for the routing-instance statement.
NOTE: Starting in Junos OS Release 16.1, whenyou specify a static logical interface for theunnumbered interface in a dynamic profile thatincludes the$junos-routing-instancepredefinedvariable, youmust not configure a preferredsourceaddress. This constraint applieswhetheryou use the $junos-preferred-source-addresspredefined variable, the$junos-preferred-source-ipv6-addresspredefined variable, or thepreferred-source-addressstatement.Configuringthe preferred source address in thiscircumstance causes a commit failure.
$junos-routing-instance
Copyright © 2018, Juniper Networks, Inc.140
Broadband Subscriber ManagementWholesale Feature Guide
Table 9: Junos OS Predefined Variables and Definitions (continued)
DefinitionVariable
Starting in Junos OS Release 16.1R4, identifierfor the inner VLAN tag for Layer 2 wholesale,ANCP-triggered, autosensed dynamicVLANs.TheVLANtag isallocated fromthe innerVLAN ID swap ranges that are provisioned onthe core-facing physical interface. The innerVLAN tag is swappedwith (replaces) the outerVLANtagwhenthesubscriber traffic is tunneledto the NSP.
You specify this variable with the inner-vlan-idstatement at the [edit dynamic-profilesprofile-name interfaces$junos-interface-ifd–name unit$junos-interface-unit input-vlan-map]hierarchylevel.
$junos-inner-vlan-map-id
Identifier for a VLAN that is rewritten at theinputoroutput interfaceasspecifiedbyaVLANmap.
You specify this variable with the vlan-idstatement at the [edit dynamic-profilesprofile-name interfaces$junos-interface-ifd–name unit$junos-interface-unit input-vlan-map] or [editdynamic-profiles profile-name interfaces$junos-interface-ifd–name unit$junos-interface-unit input-vlan-map]hierarchylevels.
$junos-vlan-map-id
141Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Release History Table DescriptionRelease
Starting in Junos OS Release 17.2R1, name of an IPv6 input service filter to beattached.
17.2R1
Starting in Junos OS Release 17.2R1, name of an IPv6 service set to be attached.17.2R1
Starting in Junos OS Release 17.2R1, name of an IPv4 input service filter to beattached.
17.2R1
Starting in Junos OS Release 17.2R1, name of an IPv4 input service set to beattached.
17.2R1
Starting in JunosOSRelease 17.2R1, nameof an IPv6 service filter tobeattached.17.2R1
Starting in JunosOSRelease 17.2R1, nameofan IPv6service set to tobeattached.17.2R1
Starting in JunosOSRelease 17.2R1, nameof an IPv4 service filter to beattached.17.2R1
Starting in Junos OS Release 17.2R1, name of an IPv4 output service set to beattached.
17.2R1
Starting in Junos OS Release 17.2R1, name of a PCEF profile to be attached.17.2R1
Starting in Junos OS Release 17.2R1, name of a PCC rule to activate.17.2R1
Starting in Junos OS Release 16.1R4, identifier for the inner VLAN tag for Layer2 wholesale, ANCP-triggered, autosensed dynamic VLANs.
16.1R4
Starting in Junos OS Release 16.1, when you specify a static logical interface forthe unnumbered interface in a dynamic profile that includes the$junos-routing-instance predefined variable, youmust not configure an IPv4preferred source address.
16.1
Starting in Junos OS Release 16.1, when you specify a static logical interface forthe unnumbered interface in a dynamic profile that includes the$junos-routing-instance predefined variable, youmust not configure an IPv6preferred source address.
16.1
Starting in Junos OS Release 16.1, you can reduce the CoS resources wasted onresidential access by collecting the residential subscribers into an interface setassociated with the physical interface.
16.1
Starting in Junos OS Release 16.1, when you specify a static logical interface forthe unnumbered interface in a dynamic profile that includes the$junos-routing-instance predefined variable, youmust not configure a preferredsource address.
16.1
RelatedDocumentation
Dynamic Variables Overview•
• Configuring Predefined Dynamic Variables in Dynamic Profiles
Copyright © 2018, Juniper Networks, Inc.142
Broadband Subscriber ManagementWholesale Feature Guide
• Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs
• User-Defined Variables
Juniper Networks VSAs Supported by the AAA Service Framework
Table 10 on page 143 describes Juniper Networks VSAs supported by the Junos OS AAA
Service Framework. The AAA Service Framework uses vendor ID 4874, which is assigned
to Juniper Networks by the Internet Assigned Numbers Authority (IANA). Some VSAs
correspond to Juniper Networks predefined variables; see Junos OS Predefined Variables
That Correspond to RADIUS Attributes and VSAs.
NOTE: A “Yes” entry in the Dynamic CoA Support column indicates that theattribute can be dynamically configured by Access-Accept messages anddynamically modified by CoA-Request messages.
Table 10: Supported Juniper Networks VSAs
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nostring: logical system:routinginstance
Client logical system:routinginstance name. Allowed only fromAAA server for default logicalsystem:routing instance.
When this VSA is not included in thesubscriber profile, the routinginstance assigned to thesubscriber—the one in which thesubscriber sessioncomesup—variesby subscriber type.
For DHCPandPPPoE subscribers, itis the default routing instance.
For L2TP tunnel subscribers, it is therouting instance in which the tunnelresides, whether default ornon-default. If the tunnel routinginstance is notdefault andyouwanttheL2TPsession tobe in thedefaultrouting instance, youmust use theVirtual-Router VSA to set thedesired routing instance.
Virtual-Router26-1
Nointeger: 4-byteprimary-dns-address
Client DNS address negotiatedduring IPCP.
Primary-DNS26-4
Nointeger: 4-bytesecondary-dns-address
Client DNS address negotiatedduring IPCP
Secondary-DNS26-5
143Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nointeger: 4-byteprimary-wins-address
Client WINS (NBNS) addressnegotiated during IPCP.
Primary-WINS26-6
Nointeger: 4-bytesecondary-wins-address
Client WINS (NBNS) addressnegotiated during IPCP.
Secondary-WINS26-7
Nostring: tunnel-virtual-routerVirtual router name for tunnelconnection.
Tunnel-Virtual-Router26-8
Nostring: tunnel-passwordTunnel password in cleartext.
Do not use both this VSA and thestandard RADIUS attributeTunnel-Password [69]. Werecommend that you use thestandard attribute because thepassword is encrypted when thatattribute is used.
Tunnel-Password26-9
Yesstring: input-policy-nameInput policy name to apply to clientinterface.
Ingress-Policy-Name26-10
Yesstring: output-policy-nameOutput policy name to apply toclient interface.
Egress-Policy-Name26-11
Yesinteger:
• 0=disable
• 1=enable
Whether IGMP isenabledordisabledon a client interface.
IGMP-Enable26-23
Nostring: pppoeclient-mac-address
Client MAC address.PPPoE-Description26-24
Nostring:logical-system:routing-instance
Client logical system:routinginstance name indicating to whichlogical system:routing instance therequest is redirected for userauthentication.
Redirect-VRouter-Name26-25
Yes4-octet integer:
• 0 = none
• 1 = Cisco CLID
Method that determines whetherthe RADIUS server conveys to theLNS the physical NAS port numberidentifier and the typeof thephysicalport, such as Ethernet or ATM. Thisinformation is conveyed only whenthe VSA value is 1.
The VSA is formatted such that thefirst octet indicates the tunnel andthe remaining three bytes are theattribute value.
Tunnel-Nas-Port-Method26-30
Copyright © 2018, Juniper Networks, Inc.144
Broadband Subscriber ManagementWholesale Feature Guide
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nostring bundle-nameSSC service bundle.Service-Bundle26-31
Nointeger: 4-octetMaximum number of sessionsallowed in a tunnel.
Tunnel-Max-Sessions26-33
Nointeger: 4-octetRoute tag to apply to returnedframed-ip-address.
Framed-IP-Route-Tag26-34
NointegerNumber of times the input-packetsattribute rolls over its 4-octet field.
Input-Gigapackets26-42
NointegerNumberof timestheoutput-packetsattribute rolls over its 4-octet field.
Output-Gigapackets26-43
Nohexadecimal string:ipv6-primary-dns-address
Client primary IPv6 DNS addressnegotiated by DHCP.
Ipv6-Primary-DNS26-47
Nohexadecimal string:ipv6-secondary-dns-address
Client secondary IPv6 DNS addressnegotiated by DHCP.
Ipv6-Secondary-DNS26-48
Nohexadecimal string:disconnect-cause
Disconnect cause when a tunneledsubscriber is disconnected, andL2TP layer of the LNS initiates thetermination. The PPP DisconnectCause Code (L2TP AVP 46) isincluded in VSA 26-51 in theAccounting-Stopmessage that therouter sends to the RADIUS server.
Disconnect-Cause26-51
Nostring: dhcp-optionsClient DHCP options.
Starting in Junos OS Release 17.4R1,includes only DHCPv4 options. Inearlier releases, includes bothDHCPv4 and DHCPv6 options.
DHCP-Options26-55
Nostring:mac-addressClient MAC address.DHCP-MAC-Address26-56
Nointeger: 4-octetDHCP relay agent IP address.DHCP-GI-Address26-57
145Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Yessalt-encrypted integer
0=stopmirroring
1=start mirroring
2=no action
Traffic mirroring action.
For dynamic CoA, VSA 26-58changes the action on themirroredtraffic identified by VSA 26-59.
CoA-Requestmessages that includeany of the RADIUS-basedmirroringattributes (VSAs 26-58, 26-59,26-60, or 26-61) must alwaysinclude all four VSAs.
If the CoA action is to stopmirroring(VSA 26-58 value is 0), then thevalues of the other three attributesin theCoAmessagemustmatch theexisting attribute values, or theaction fails.
LI-Action26-58
Nosalt-encrypted stringIdentifier that associates mirroredtraffic to a specific subscriber.
For dynamic CoA, VSA 26-58changes the action on themirroredtraffic identified by VSA 26-59.
CoA-Requestmessages that includeany of the RADIUS-basedmirroringattributes (VSAs 26-58, 26-59,26-60, or 26-61) must alwaysinclude all four VSAs.
Med-Dev-Handle26-59
Nosalt-encrypted IP addressIP address of content destinationdevice to which mirrored traffic isforwarded.
CoA-Requestmessages that includeany of the RADIUS-basedmirroringattributes (VSAs 26-58, 26-59,26-60, or 26-61) must alwaysinclude all four VSAs.
Med-Ip-Address26-60
Nosalt-encrypted integerUDP port in the content destinationdevice to which mirrored traffic isforwarded.
CoA-Requestmessages that includeany of the RADIUS-basedmirroringattributes (VSAs 26-58, 26-59,26-60, or 26-61) must alwaysinclude all four VSAs.
Med-Port-Number26-61
Nostring: interface-descriptionText string that identifies thesubscriber’s access interface.
Interface-Desc26-63
Copyright © 2018, Juniper Networks, Inc.146
Broadband Subscriber ManagementWholesale Feature Guide
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nostring: tunnel-group-nameName of the tunnel group (profile)assigned to a domain map.
Tunnel-Group26-64
Yesstring: service-nameService to activate for thesubscriber. Tagged VSA, whichsupports 8 tags (1-8).
Activate-Service26-65
Yesstring: service-nameService to deactivate for thesubscriber.
Deactivate-Service26-66
Yesinteger
• range = 0 through 16777215MB
• 0 = no limit
Amount of traffic, in MB, that canuse the service; service isdeactivated when the volume isexceeded. Tagged VSA, whichsupports 8 tags (1-8).
Service-Volume26-67
Yesinteger
• range = 0 through 16777215seconds
• 0 = no timeout
Number of seconds that the servicecan be active; service is deactivatedwhen the timeout expires. TaggedVSA, which supports 8 tags (1-8).
Service-Timeout26-68
Yesinteger
• 0 = disable
• 1 = enable time statistics
• 2=enable timeandvolumestatistics
Whether statistics for the service isenabled or disabled. Tagged VSA,which supports 8 tags (1-8).
Service-Statistics26-69
Yesstring: 32-octetAccess list to use for the group (G)filter.
IGMP-Access-Name26-71
Yesstring: 32-octetAccess list to use for thesource-group (S,G) filter.
IGMP-Access-Src-Name26-72
Yesstring: 32-octetAccess list to use for the group (G)filter.
MLD-Access-Name26-74
Yesstring: 32-octetAccess list to use for thesource-group (S,G) filter.
MLD-Access-Src-Name26-75
Yesinteger: 1-octet
• 1=MLD version 1
• 2=MLD version 2
MLD protocol version.MLD-Version26-77
147Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Yesinteger: 1-octet
• 1=IGMP version 1
• 2=IGMP version 2
• 3=IGMP version 3
IGMP protocol version.IGMP-Version26-78
Nostring: service-nameName of the service.Service-Session26-83
Nointeger: 4-octetAuthentication algorithm used forMobile IP registration.
Mobile-IP-Algorithm26-84
Nointeger: 4-octetSecurity parameter index numberfor Mobile IP registration.
Mobile-IP-SPI26-85
Nostring: keySecurity association MD5 key forMobile IP registration.
Mobile-IP-Key26-86
Nointeger: 4-octetReplay timestamp for Mobile IPregistration.
Mobile-IP-Replay26-87
Nointeger: 4-octetRegistration lifetime for Mobile IPregistration.
Mobile-IP-Lifetime26-89
Nostring: profile-nameTunnel switch profile thatdetermines whether a subscribersession is switched to a secondsession to a remote LNS. Takesprecedence over tunnel switchprofiles applied inanyothermanner.
Tunnel-Switch-Profile26-91
Nostring: actual upstream rateaccess loopparameter (ASCIIencoded)
Actual upstream rate access loopparameter (ASCII encoded) asdefined in GSMP extensions forlayer2 control (L2C) TopologyDiscovery and Line Configuration.
L2C-Up-Stream-Data26-92
Nostring: actual downstreamrate access loop parameter(ASCII encoded)
Actualdownstreamrateaccess loopparameter (ASCII encoded) asdefined in GSMP extensions forlayer2 control (L2C) TopologyDiscovery and Line Configuration.
L2C-Down-Stream-Data26-93
Copyright © 2018, Juniper Networks, Inc.148
Broadband Subscriber ManagementWholesale Feature Guide
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nointeger: 4-octet
• 0 = none
• 1 = static Layer 2
• 2 = dynamic layer 2. Thismethod is not supported;the static Layer 2 methodis used instead.
• 3=CoS. Thismethod is notsupported; the actualmethod is used instead.
• 4 = actual
• 5 = ANCP
• 6 = PPPoE IA tags
Method that determines the sourcefromwhich the transmit speed isderived. Overrides globalconfiguration in the CLI.
Tunnel-Tx-Speed-Method26-94
Yesinteger: 4-octet
• 0=disable
• 1=enable
IGMP Immediate Leave.IGMP-Immediate-Leave26-97
Yesinteger: 4-octet
• 0=disable
• 1=enable
MLD Immediate Leave.MLD-Immediate-Leave26-100
Yesstring: policy-nameInput policy name to apply to a userIPv6 interface.
IPv6-Ingress-Policy-Name26-106
Yesstring: policy-nameOutput policy name to apply to auser IPv6 interface.
IPv6-Egress-Policy-Name26-107
YesTwo parts, delimited by whitespace:
• Parameter type
• Parameter value
Examples:
• T01 smap_basic
• T02 50m
• T03 1m
• T04 2000
• T05 200
• T06 tcp-gold
• T07 frame-mode
• T08 50
CoS traffic-shaping parameter typeand description:
• T01: Scheduler-map name
• T02: Shaping rate
• T03: Guaranteed rate
• T04: Delay-buffer rate
• T05: Excess rate
• T06Traffic-control profile
• T07: Shaping mode
• T08: Byte adjust
• T09: Adjust minimum
• T10: Excess-rate high
• T11: Excess-rate low
• T12: Shaping rate burst
• T13: Guaranteed rate burst
CoS-Parameter-Type26-108
149Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nointeger: 4-byte ip-addressIP address of DHCP server thatDHCP relay agent uses to forwardthe discover PDUs.
DHCP-Guided-Relay-Server26-109
Nostring: up to 63 ASCIIcharacters
Identificationof the subscriber nodeconnection to the access node.
Acc-Loop-Cir-Id26-110
Nointeger: 8-octetUnique identificationof theDSL line.Acc-Aggr-Cir-Id-Bin26-111
Nostring: up to 63 ASCIIcharacters
Identification of the uplink on theaccess node, as in the followingexamples:
• Ethernet accessaggregation—ethernet slot/port[:inner-vlan-id] [:outer-vlan-id]
• ATM aggregation—atmslot/port:vpi.vci
Acc-Aggr-Cir-Id-Asc26-112
Nointeger: 4-octetActual upstream data rate of thesubscriber’s synchronized DSL link.
Act-Data-Rate-Up26-113
Nointeger: 4-octetActual downstreamdata rate of thesubscriber’s synchronized DSL link.
Act-Data-Rate-Dn26-114
Nointeger: 4-octetMinimum upstream data rateconfigured for the subscriber.
Min-Data-Rate-Up26-115
Nointeger: 4-octetMinimum downstream data rateconfigured for the subscriber.
Min-Data-Rate-Dn26-116
Nointeger: 4-octetMaximum upstream data rate thatthe subscriber can attain.
Att-Data-Rate-Up26-117
Nointeger: 4-octetMaximum downstream data ratethat the subscriber can attain.
Att-Data-Rate-Dn26-118
Nointeger: 4-octetMaximum upstream data rateconfigured for the subscriber.
Max-Data-Rate-Up26-119
Nointeger: 4-octetMaximum downstream data rateconfigured for the subscriber.
Max-Data-Rate-Dn26-120
Nointeger: 4-octetMinimum upstream data rate in lowpower state configured for thesubscriber.
Min-LP-Data-Rate-Up26-121
Copyright © 2018, Juniper Networks, Inc.150
Broadband Subscriber ManagementWholesale Feature Guide
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nointeger: 4-octetMinimum downstream data rate inlow power state configured for thesubscriber.
Min-LP-Data-Rate-Dn26-122
Nointeger: 4-octetMaximum one-way upstreaminterleaving delay configured for thesubscriber.
Max-Interlv-Delay-Up26-123
Nointeger: 4-octetSubscriber’s actual one-wayupstream interleaving delay..
Act-Interlv-Delay-Up26-124
Nointeger: 4-octetMaximum one-way downstreaminterleaving delay configured for thesubscriber.
Max-Interlv-Delay-Dn26-125
Nointeger: 4-octetSubscriber’s actual one-waydownstream interleaving delay.
Act-Interlv-Delay-Dn26-126
Nointeger: 4-octet
• 1 = Show uptime
• 2 = Idle
• 3 = Silent
State of the DSL line.DSL-Line-State26-127
Nointeger: 4-octetEncapsulation used by thesubscriber associated with theDSLAM interface fromwhichrequests are initiated.
DSL-Type26-128
Nostring: interface-set-nameInterfaceset toapply to thedynamicprofile.
Qos-Set-Name26-130
Yes• range = 600 through86400 seconds
• 0 = disabled
NOTE: Valuesare roundedupto the next higher multiple of10minutes. For example, asetting of 900 seconds (15minutes) is rounded up to 20minutes (1200 seconds).
Amount of time between interimaccounting updates for this service.Tagged VSA, which supports 8 tags(1-8).
Service-Interim-Acct-Interval26-140
Norange = 1000 through4,294,967,295
Calculated (adjusted) downstreamQoS rate inKbps as set by theANCPconfiguration.
Downstream-Calculated-QoS-Rate
26-141
Norange = 1000 through4,294,967,295
Calculated (adjusted) upstreamQoS rate inKbps as set by theANCPconfiguration.
Upstream-Calculated-QoS-Rate
26-142
151Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nointeger: 4-octetMaximum allowable client sessionsper interface. For DHCP clients, thisvalue is the maximum sessions perlogical interface. For PPPoE clients,this value is the maximum sessions(PPPoE interfaces) per PPPoEunderlying interface.
Max-Clients-Per-Interface26-143
YesThree parts, delimited bywhite space:
• Scheduler name
• Parameter type
• Parameter value
Examples:
• be_sched
• be_sched T01 12m
• be_sched T02 26
CoS scheduler parameter type anddescription:
• Null: CoS scheduler name
• T01: CoS scheduler transmit rate
• T02: CoS scheduler buffer size
• T03: CoS scheduler priority
• T04: CoS scheduler drop-profilelow
• T05: CoS scheduler drop-profilemedium-low
• T06: CoS scheduler drop-profilemedium-high
• T07: CoS scheduler drop-profilehigh
• T08: CoS scheduler drop-profileany
CoS-Scheduler-Pmt-Type26-146
NointegerIPv6 receive octets.IPv6-Acct-Input-Octets26-151
NointegerIPv6 transmit octets.IPv6-Acct-Output-Octets26-152
NointegerIPv6 receive packets.IPv6-Acct-Input-Packets26-153
NointegerIPv6 transmit packets.IPv6-Acct-Output-Packets26-154
NointegerIPv6 receive gigawords.IPv6-Acct-Input-Gigawords26-155
NointegerIPv6 transmit gigawords.IPv6-Acct-Output-Gigawords26-156
NostringRoute add for PPPoE sessionsPPPoE-Padn26-158
Copyright © 2018, Juniper Networks, Inc.152
Broadband Subscriber ManagementWholesale Feature Guide
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
NointegerTrunk VLAN tag corresponding tothe core-facing trunk physicalinterface.
Vlan-Map-Id (26-160),Inner-Vlan-Map-Id (26-184), andCore-Facing-Interface (26-185)collectively represent the networkservice provider-facing location forthe subscriber for the Layer 2cross-connect inaLayer2wholesaleconfiguration.
Vlan-Map-Id26-160
NostringAddresspoolused to locally allocatea delegated prefix (IA_PD).
IPv6-Delegated-Pool-Name26-161
NostringIndication of transmit speed of theuser’s connection.
Tx-Connect-Speed26-162
NostringIndication of receive speed of theuser’s connection.
Rx-Connect-Speed26-163
NostringIndicates to server status ofon-demand address allocation anddeallocation.
IPv4-Release-Control26-164
Nointeger: 4-octet
• 1 = dynamic-profile forresidential services
• 2 = op-script for businessservices
Indication of service activation type.This is a tagged attribute.
Service-Activate-Type26-173
NostringEnables RADIUS to override anassigned client dynamic profilewiththe included profile.
Client-Profile-Name26-174
NostringEffective downstream shaping ratefor subscriber.
Cos-Shaping-Rate26-177
Yesinteger
• range = 0 through 167772154GB units
• 0 = no limit
Amount of traffic, in 4GB units, thatcan use the service; service isdeactivated when the volume isexceeded. Tagged VSA, whichsupports 8 tags (1-8).
Service-Volume-Gigawords26-179
Yesstring: service-nameNew values of service and timequotas for existing service. TaggedVSA, which supports 8 tags (1-8).
Update-Service26-180
153Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nohexadecimal string:ipv6-address
IPv6 addresses of DHCPv6 serversto which DHCPv6 relay agentforwards theSolicit andsubsequentPDUs. Usemultiple instances of theVSA to specify a list of servers.
DHCPv6-Guided-Relay-Server26-181
NostringReports the ANCPAccess-Loop-Remote-ID attribute.
Acc-Loop-Remote-Id26-182
Nohexadecimal stringReports the ANCPAccess-Loop-Encapsulationattribute.
Acc-Loop-Encap26-183
NointegerInner VLAN tag allocated from theranges provisioned on thecore-facing physical interface, usedto swap (replace) the autosensedVLAN tag on the access interface.
Vlan-Map-Id (26-160),Inner-Vlan-Map-Id (26-184), andCore-Facing-Interface (26-185)collectively represent the networkservice provider-facing location forthe subscriber for the Layer 2cross-connect inaLayer2wholesaleconfiguration.
Inner-Vlan-Map-Id26-184
NostringName of the core-facing physicalinterface that forwards the Layer 2wholesale session’s downstreamand upstream traffic relative to thenetwork service provider (NSP)router.
Vlan-Map-Id (26-160),Inner-Vlan-Map-Id (26-184), andCore-Facing-Interface (26-185)collectively represent the networkservice provider-facing location forthe subscriber for the Layer 2cross-connect inaLayer2wholesaleconfiguration.
Core-Facing-Interface26-185
Nointeger: 4-byte ip-addressIPv4 address of the first relay link ofa client/server binding.
DHCP-First-Relay-IPv4-Address26-189
Nohexadecimal string:ipv6-address
IPv6 address of the first relay link ofa client/server binding.
DHCP-First-Relay-IPv6-Address26-190
NostringName of an input filter to beattached to a family any interface.
Input-Interface-Filter26-191
Copyright © 2018, Juniper Networks, Inc.154
Broadband Subscriber ManagementWholesale Feature Guide
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
NostringName of an output filter to beattached to a family any interface.
Output-Interface-Filter26-192
Yesinteger: 4-octet
• 0 = disable
• anynonzero value=enable
Enable or disable PIM on a BRASuser’s interface.
Pim-Enable26-193
Yesinteger: 4-octetA common identifier or tag toassociate the series of related CoARequests as a transaction. Thisattribute is untagged and value 0 isreserved.
Bulk-CoA-Transaction-Id26-194
Yesinteger: 4-octetA unique identifier for each CoARequest message that is part of thesametransactionasspecifiedby theBulk-CoA-Transaction-Id VSA. Thisattribute is untagged and the value0 is reserved.
Bulk-CoA-Identifier26-195
YesstringNameof an IPv4 input service set tobe attached.
IPv4-Input-Service-Set26-196
YesstringName of an IPv4 output service setto be attached.
IPv4-Output-Service-Set26-197
YesstringName of an IPv4 input service filterto be attached.
IPv4-Input-Service-Filter26-198
YesstringNameofan IPv4output service filterto be attached.
IPv4-Output-Service-Filter26-199
YesstringNameof an IPv6 input service set tobe attached.
IPv6-Input-Service-Set26-200
YesstringName of an IPv6 output service setto be attached.
IPv6-Output-Service-Set26-201
YesstringName of an IPv6 input service filterto be attached.
IPv6-Input-Service-Filter26-202
YesstringNameofan IPv6output service filterto be attached.
IPv6-Output-Service-Filter26-203
YesstringName of a PCEF profile to beattached.
Adv-Pcef-Profile-Name26-204
YesstringName of a PCC rule to activate.Adv-Pcef-Rule-Name26-205
155Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 10: Supported Juniper Networks VSAs (continued)
DynamicCoASupportValueDescriptionAttribute Name
AttributeNumber
Nointeger
• 0 = disable
• 1 = Initiate reauthenticationwhen DHCP renew requestis received from the client
• all other values = invalid
Reason that the client application isreauthenticated.
Reauthentication-On-Renew26-206
Nohexadecimal stringDHCPv6 client and server optionsexchanged with the RADIUS serveras TLV options.
In releases earlier than Junos OSRelease 18.1R1, this VSA is notsupported. DHCPv6 options areincluded instead in 26-55,DHCP-Options.
DHCPv6-Options26-207
Nohexadecimal stringDHCPv4 packet header sent to theRADIUS server; used to instantiatedynamic subscriber interfaces.
DHCP-Header26-208
Nohexadecimal stringDHCPv6 packet header sent to theRADIUS server; used to instantiatedynamic subscriber interfaces.
DHCPv6-Header26-209
Nointeger: 4-octet
• 0x0001 = Acct-Start-Ack;that is, receipt of an Acctresponse for theAcct-Startmessage
0x0002 = Periodic/Timedinterval interim
0x0004 = IP active
0x0008 = IP inactive
0x0010 = IPv6 active
0x0020 = IPv6 inactive
0x0040 = Session active
0x0080=Session inactive
0x0100 = Line speedchange
0x0200 = Addressassignment change
0x0400 = Completion ofprocessing of CoA request
Reason for sending anAccounting-Request message.
Acct-Request-Reason26-210
Copyright © 2018, Juniper Networks, Inc.156
Broadband Subscriber ManagementWholesale Feature Guide
RelatedDocumentation
AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs
for Junos OS on page 157
•
• AAA Accounting Messages and Supported RADIUS Attributes and Juniper Networks
VSAs for Junos OS on page 164
• Junos OS Predefined Variables That Correspond to RADIUS Attributes and VSAs
AAAAccessMessages and Supported RADIUS Attributes and Juniper Networks VSAsfor Junos OS
Table 11 on page 157 shows the RADIUS attributes and Juniper Networks VSAs support in
AAAaccessmessages.Acheckmark inacolumn indicates that themessage typesupports
that attribute.
Table 11: AAA AccessMessages: Supported RADIUS Attributes and Juniper Networks VSAs
DisconnectRequest
CoARequest
AccessChallenge
AccessReject
AccessAccept
AccessRequestAttribute Name
AttributeNumber
✓✓––✓✓User-Name1
–––––✓User-Password2
–––––✓CHAP-Password3
–––––✓NAS-IP-Address4
–––––✓NAS-Port5
––––✓✓Service-Type6
––––✓✓Framed-Protocol7
–✓––✓✓Framed-IP-Address8
––––✓–Framed-IP-Netmask9
––––✓–Filter-Id11
–––––✓Framed-MTU12
––✓✓✓–Reply-Message18
––––✓–Framed-Route22
––✓–✓✓State24
–✓––✓–Class25
–✓––✓✓Virtual-Router26-1
157Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 11: AAA AccessMessages: Supported RADIUS Attributes and Juniper NetworksVSAs (continued)
DisconnectRequest
CoARequest
AccessChallenge
AccessReject
AccessAccept
AccessRequestAttribute Name
AttributeNumber
––––✓–Primary-DNS26-4
––––✓–Secondary-DNS26-5
––––✓–Primary-WINS26-6
––––✓–Secondary-WINS26-7
––––✓–Tunnel-Virtual-Router26-8
––––✓–Tunnel-Password26-9
––––✓–Ingress-Policy-Name26-10
––––✓–Egress-Policy-Name26-11
––––✓–IGMP-Enable26-23
–––––✓PPPoE-Description26-24
––––✓–Redirect-VR-Name26-25
––––✓–Service-Bundle26-31
––––✓–Tunnel-Maximum-Sessions26-33
––––✓–Framed-IP-Route-Tag26-34
––––✓–Ipv6-Primary-DNS26-47
––––✓–Ipv6-Secondary-DNS26-48
–––––✓DHCP-Options26-55
––––✓✓DHCP-MAC-Address26-56
–––––✓DHCP-GI-Address26-57
–✓––✓–LI-Action26-58
–✓––✓–Med-Dev-Handle26-59
–✓––✓–Med-Ip-Address26-60
–✓––✓–Med-Port-Number26-61
Copyright © 2018, Juniper Networks, Inc.158
Broadband Subscriber ManagementWholesale Feature Guide
Table 11: AAA AccessMessages: Supported RADIUS Attributes and Juniper NetworksVSAs (continued)
DisconnectRequest
CoARequest
AccessChallenge
AccessReject
AccessAccept
AccessRequestAttribute Name
AttributeNumber
–––––✓Interface-Desc26-63
––––✓–Tunnel-Group26-64
–✓––✓–Activate-Service26-65
–✓––✓–Deactivate-Service26-66
–✓––✓–Service-Volume26-67
–✓––✓–Service-Timeout26-68
–✓––✓–Service-Statistics26-69
––––✓–IGMP-Access-Name26-71
––––✓–IGMP-Access-Src-Name26-72
––––✓–MLD-Access-Name26-74
––––✓–MLD-Access-Src-Name26-75
––––✓–MLD-Version26-77
––––✓–IGMP-Version26-78
––––✓–Tunnel-Switch-Profile26-91
–––––✓L2C-Up-Stream-Data26-92
–––––✓L2C-Down-Stream-Data26-93
––––✓–Tunnel-Tx-Speed-Method26-94
–––✓–IGMP-Immediate-Leave26-97
––––✓–MLD-Immediate-Leave26-100
––––✓–IPv6-Ingress-Policy-Name26-106
––––✓–IPv6-Egress-Policy-Name26-107
–✓––✓–CoS-Parameter-Type26-108
––––✓–DHCP-Guided-Relay-Server26-109
159Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 11: AAA AccessMessages: Supported RADIUS Attributes and Juniper NetworksVSAs (continued)
DisconnectRequest
CoARequest
AccessChallenge
AccessReject
AccessAccept
AccessRequestAttribute Name
AttributeNumber
–––––✓Acc-Loop-Cir-Id26-110
–––––✓Acc-Aggr-Cir-Id-Bin26-111
–––––✓Acc-Aggr-Cir-Id-Asc26-112
–––––✓Act-Data-Rate-Up26-113
–––––✓Act-Data-Rate-Dn26-114
–––––✓Min-Data-Rate-Up26-115
–––––✓Min-Data-Rate-Dn26-116
–––––✓Att-Data-Rate-Up26-117
–––––✓Att-Data-Rate-Dn26-118
–––––✓Max-Data-Rate-Up26-119
–––––✓Max-Data-Rate-Dn26-120
–––––✓Min-LP-Data-Rate-Up26-121
–––––✓Min-LP-Data-Rate-Dn26-122
–––––✓Max-Interlv-Delay-Up26-123
–––––✓Act-Interlv-Delay-Up26-124
–––––✓Max-Interlv-Delay-Dn26-125
–––––✓Act-Interlv-Delay-Dn26-126
–––––✓DSL-Line-State26-127
–––––✓DSL-Type26-128
––––✓–QoS-Set-Name26-130
–✓––✓–Service-Interim-Account-Interval26-140
–––––✓Downstream-Calculated-QoS-Rate26-141
–––––✓Upstream-Calculated-QoS-Rate26-142
Copyright © 2018, Juniper Networks, Inc.160
Broadband Subscriber ManagementWholesale Feature Guide
Table 11: AAA AccessMessages: Supported RADIUS Attributes and Juniper NetworksVSAs (continued)
DisconnectRequest
CoARequest
AccessChallenge
AccessReject
AccessAccept
AccessRequestAttribute Name
AttributeNumber
––––✓–Max-Clients-Per-Interface26-143
–✓––✓–Cos-Scheduler-Pmt-Type26-146
––––✓–PPPoE-Padn26-158
––––✓–Vlan-Map-Id26-160
––––✓–IPv6-Delegated-Pool-Name26-161
–––––✓Tx-Connect-Speed26-162
–––––✓Rx-Connect-Speed26-163
–––––✓IPv4-Release-Control26-164
–✓––✓–Service-Activate-Type26-173
––––✓–Client-Profile-Name26-174
–✓––✓–Service-Volume-Gigawords26-179
–✓––––Update-Service26-180
––––✓–DHCPv6-Guided-Relay-Server26-181
–––––✓Acc-Loop-Remote-Id26-182
–––––✓Acc-Loop-Encap26-183
––––✓–Inner-Vlan-Map-Id26-184
–––––✓DHCP-First-Relay-IPv4-Address26-189
–––––✓DHCP-First-Relay-IPv6-Address26-190
–––––✓Input-Interface-Filter26-191
–––––✓Output-Interface-Filter26-192
––––✓–Pim-Enable26-193
–✓––––Bulk-CoA-Transaction-Id26-194
–✓––––Bulk-CoA-Identifier26-195
161Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 11: AAA AccessMessages: Supported RADIUS Attributes and Juniper NetworksVSAs (continued)
DisconnectRequest
CoARequest
AccessChallenge
AccessReject
AccessAccept
AccessRequestAttribute Name
AttributeNumber
–––––✓IPv4-Input-Service-Set26-196
–––––✓IPv4-Output-Service-Set26-197
–––––✓IPv4-Input-Service-Filter26-198
–––––✓IPv4-Output-Service-Filter26-199
–––––✓IPv6-Input-Service-Set26-200
–––––✓IPv6-Output-Service-Set26-201
–––––✓IPv6-Input-Service-Filter26-202
–––––✓IPv6-Output-Service-Filter26-203
–––––✓Adv-Pcef-Profile-Name26-204
–––––✓Adv-Pcef-Rule-Name26-205
––––✓–Re-Authentication-On-Renew26-206
––––✓✓DHCPv6-Options26-207
–––––✓DHCP-Header26-208
–––––✓DHCPv6-Header26-209
––✓–✓–Session-Timeout27
––✓–✓–Idle-Timeout28
–✓–––✓Calling-Station-ID31
–––––✓NAS-Identifier32
✓✓–––✓Acct-Session-ID44
–––––✓NAS-Port-Type61
––––✓✓Tunnel-Type64
––––✓✓Tunnel-Medium-Type65
––––✓✓Tunnel-Client-Endpoint66
Copyright © 2018, Juniper Networks, Inc.162
Broadband Subscriber ManagementWholesale Feature Guide
Table 11: AAA AccessMessages: Supported RADIUS Attributes and Juniper NetworksVSAs (continued)
DisconnectRequest
CoARequest
AccessChallenge
AccessReject
AccessAccept
AccessRequestAttribute Name
AttributeNumber
––––✓✓Tunnel-Server-Endpoint67
––––✓✓Acct-Tunnel-Connection68
––––✓–Tunnel-Password69
––––✓✓Tunnel-Assignment-Id82
––––✓–Tunnel-Preference83
––––✓–Acct-Interim-Interval85
–✓–––✓NAS-Port-Id87
––––✓–Framed-Pool88
––––✓✓Tunnel-Client-Auth-Id90
––––✓✓Tunnel-Server-Auth-Id91
–––––✓NAS-IPv6-Address95
––––✓–Framed-Interface-ID96
––––✓–Framed-IPv6-Prefix97
––––✓✓Login-IPv6-Host98
––––✓–Framed-IPv6-Route99
––––✓–Framed-IPv6-Pool100
✓✓––––Error-Cause101
––––✓–Delegated-IPv6-Prefix123
––––✓–Framed-IP-Address168
–✓––✓–Ascend-Data-Filter242
RelatedDocumentation
AAA Accounting Messages and Supported RADIUS Attributes and Juniper Networks
VSAs for Junos OS on page 164
•
• RADIUSAttributes and Juniper Networks VSAsSupported by theAAAService Framework
163Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
• RADIUS IETF Attributes Supported by the AAA Service Framework
• Juniper Networks VSAs Supported by the AAA Service Framework on page 143
AAAAccountingMessages and Supported RADIUS Attributes and Juniper NetworksVSAs for Junos OS
Table 12 on page 164 shows the RADIUS attributes and Juniper Networks VSAs support
in AAA accountingmessages. A checkmark in a column indicates that themessage type
supports that attribute.
Table 12: AAAAccountingMessages—Supported RADIUSAttributes andJuniper Networks VSAs
AcctOffAcctOn
InterimAcct
AcctStop
AcctStartAttribute Name
AttributeNumber
––✓✓✓User-Name1
––––✓CHAP-Password3
✓✓✓✓✓NAS-IP-Address4
––✓✓✓NAS-Port5
––✓✓✓Service-Type6
––✓✓✓Framed-Protocol7
––✓✓✓Framed-IP-Address8
––✓✓✓Framed-IP-Netmask9
––✓✓–Filter-Id11
––✓✓✓Framed-Route22
––✓✓✓Class25
––✓✓✓Virtual-Router26-1
––✓✓✓Ingress-Policy-Name26-10
––✓✓✓Egress-Policy-Name26-11
––✓✓✓PPPoE-Description26-24
––✓✓–Input-Gigapackets26-42
––✓✓–Output-Gigapackets26-43
Copyright © 2018, Juniper Networks, Inc.164
Broadband Subscriber ManagementWholesale Feature Guide
Table 12: AAAAccountingMessages—Supported RADIUSAttributes andJuniper Networks VSAs (continued)
AcctOffAcctOn
InterimAcct
AcctStop
AcctStartAttribute Name
AttributeNumber
––✓✓✓Ipv6-Primary-DNS26-47
––✓✓✓Ipv6-Secondary-DNS26-48
–––✓–Disconnect-Cause26-51
––✓✓✓DHCP-Options26-55
––✓✓✓DHCP-MAC-Address26-56
––✓✓✓DHCP-GI-Address26-57
––✓✓✓Interface-Desc26-63
––✓✓–Service-Session26-83
––✓✓✓L2C-Up-Stream-Data26-92
––✓✓✓L2C-Down-Stream-Data26-93
––✓✓✓Acc-Loop-Cir-Id26-110
––✓✓✓Acc-Aggr-Cir-Id-Bin26-111
––✓✓✓Acc-Aggr-Cir-Id-Asc26-112
––✓✓✓Act-Data-Rate-Up26-113
––✓✓✓Act-Data-Rate-Dn26-114
––✓✓✓Min-Data-Rate-Up26-115
––✓✓✓Min-Data-Rate-Dn26-116
––✓✓✓Att-Data-Rate-Up26-117
––✓✓✓Att-Data-Rate-Dn26-118
––✓✓✓Max-Data-Rate-Up26-119
––✓✓✓Max-Data-Rate-Dn26-120
––✓✓✓Min-LP-Data-Rate-Up26-121
––✓✓✓Min-LP-Data-Rate-Dn26-122
165Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 12: AAAAccountingMessages—Supported RADIUSAttributes andJuniper Networks VSAs (continued)
AcctOffAcctOn
InterimAcct
AcctStop
AcctStartAttribute Name
AttributeNumber
––✓✓✓Max-Interlv-Delay-Up26-123
––✓✓✓Act-Interlv-Delay-Up26-124
––✓✓✓Max-Interlv-Delay-Dn26-125
––✓✓✓Act-Interlv-Delay-Dn26-126
––✓✓✓DSL-Line-State26-127
––✓✓✓DSL-Type26-128
––✓✓✓Downstream-Calculated-QoS-Rate26-141
––✓✓✓Upstream-Calculated-QoS-Rate26-142
––✓✓–IPv6-Acct-Input-Octets26-151
––✓✓–IPv6-Acct-Output-Octets26-152
––✓✓–IPv6-Acct-Input-Packets26-153
––✓✓–IPv6-Acct-Output-Packets26-154
––✓✓–IPv6-Acct-Input-Gigawords26-155
––✓✓–IPv6-Acct-Output-Gigawords26-156
––✓✓✓Vlan-Map-Id26-160
––✓✓✓Tx-Connect-Speed26-162
––✓✓✓Rx-Connect-Speed26-163
––✓––IPv4-Release-Control26-164
––✓✓✓Cos-Shaping-Rate26-177
–––✓✓Acc-Loop-Remote-Id26-182
–––✓✓Acc-Loop-Encap26-183
–––✓✓Inner-Vlan-Map-Id26-184
–––✓✓Core-Facing-Interface26-185
Copyright © 2018, Juniper Networks, Inc.166
Broadband Subscriber ManagementWholesale Feature Guide
Table 12: AAAAccountingMessages—Supported RADIUSAttributes andJuniper Networks VSAs (continued)
AcctOffAcctOn
InterimAcct
AcctStop
AcctStartAttribute Name
AttributeNumber
––✓✓✓DHCP-First-Relay-IPv4-Address26-188
––✓✓✓DHCP-First-Relay-IPv6-Address26-190
––✓✓✓Input-Interface-Filter26-191
––✓✓✓Output-Interface-Filter26-192
––✓✓✓DHCPv6-Options26-207
––✓–✓Acct-Request-Reason26-210
––✓✓✓Calling-Station-ID31
✓✓✓✓✓NAS-Identifier32
✓✓✓✓✓Acct-Status-Type40
✓✓✓✓✓Acct-Delay-Time41
––✓✓–Acct-Input-Octets42
––✓✓–Acct-Output-Octets43
✓✓✓✓✓Acct-Session-ID44
✓✓✓✓✓Acct-Authentic45
––✓✓–Acct-Session-Time46
––✓✓–Acct-Input-Packets47
––✓✓–Acct-Output-Packets48
––✓✓–Acct-Terminate-Cause49
––✓✓–Acct-Input-Gigawords52
––✓✓–Acct-Output-Gigawords53
✓✓✓✓✓Event-Timestamp55
––✓✓✓NAS-Port-Type61
––✓✓✓Tunnel-Type64
167Copyright © 2018, Juniper Networks, Inc.
Chapter 8: ANCP-Triggered Layer 2Wholesale Service Overview
Table 12: AAAAccountingMessages—Supported RADIUSAttributes andJuniper Networks VSAs (continued)
AcctOffAcctOn
InterimAcct
AcctStop
AcctStartAttribute Name
AttributeNumber
––✓✓✓Tunnel-Medium-Type65
––✓✓✓Tunnel-Client-Endpoint66
––✓✓✓Tunnel-Server-Endpoint67
––✓✓✓Acct-Tunnel-Connection68
–––✓✓Connect-Info77
––✓✓✓Tunnel-Assignment-Id82
––✓✓✓NAS-Port-Id87
––✓✓✓Tunnel-Client-Auth-Id90
––✓✓✓Tunnel-Server-Auth-Id91
––✓✓✓Framed-IPv6-Route99
––✓✓✓Framed-IPv6-Pool100
––✓✓✓Delegated-IPv6-Prefix123
RelatedDocumentation
• AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs
for Junos OS on page 157
• RADIUSAttributes and Juniper Networks VSAsSupported by theAAAService Framework
• RADIUS IETF Attributes Supported by the AAA Service Framework
• Juniper Networks VSAs Supported by the AAA Service Framework on page 143
Copyright © 2018, Juniper Networks, Inc.168
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 9
Configuring ANCP-Triggered Layer 2Wholesale Services
• Configuring ANCP Neighbors on page 169
• Configuring the ANCP Agent for ANCP-Triggered, Autosensed Dynamic
VLANs on page 171
• Configuring a Username for Authentication of Out-of-Band Triggered Dynamic
VLANs on page 172
• Configuring Out-of-Band ANCPMessages to Trigger Dynamic VLAN
Instantiation on page 173
• TriggeringANCPOAMtoSimulateANCPPortDownandPortUpMessagesonpage 174
• Configuring the ANCP Agent to Dampen the Effects of Short-Term Adjacency
Losses on page 176
• Reestablishing Pending Access Line Sessions for Layer 2Wholesale on page 177
• Configuring Multiple Non-Overlapping VLAN Ranges for Core-Facing Physical
Interfaces on page 177
• Clearing ANCP Access Loops on page 178
Configuring ANCPNeighbors
Youmust configure each neighboring access node that you want the ANCP agent to
monitor and potentially shape traffic for. Some neighbor settings override globally
configured values.
To configure an ANCP neighbor:
1. Specify the IP address of the neighbor.
[edit protocols ancp]user@host# set neighbor 203.0.113.234
2. (Optional) Configure the neighbor to operate in a backward-compatible mode when
it does not support the current IETF standard and the backward-compatiblemode is
not configured globally.
[edit protocols ancp neighbor 203.0.113.234]user@host# set pre-ietf-mode
169Copyright © 2018, Juniper Networks, Inc.
3. (Optional) Override the globally configured backward-compatible mode when the
neighbor supports the current IETF standard.
[edit protocols ancp neighbor 203.0.113.234]user@host# set ietf-mode
4. (Optional) Configure the interval in seconds between ANCP adjacency messages
exchanged with this neighbor.
[edit protocols ancp neighbor 203.0.113.234]user@host# set adjacency-timer 20
5. (Optional) Specify themaximumnumber of discovery table entries that are accepted
from this neighbor.
[edit protocols ancp neighbor 203.0.113.234]user@host# setmaximum-discovery-table-entries 10000
6. (Optional) Enable out-of-band ANCP triggering of autosensed, dynamic VLANs on
the physical interface.
[edit protocols ancp neighbor 203.0.113.234]user@host# set auto-configure-trigger interface ge-1/0/0
7. (Optional)Configurehow long theANCPagentmaintains aLayer 2wholesale session
when an adjacency loss occurs.
[edit protocols ancp neighbor 203.0.113.234]user@host# set adjacency-loss-hold-time 10
RelatedDocumentation
Configuring the ANCP Agent•
• Configuring the ANCP Agent for Backward Compatibility
• Specifying the Interval Between ANCP Adjacency Messages
• Specifying the Maximum Number of Discovery Table Entries
• Configuring the ANCP Agent to Dampen the Effects of Short-Term Adjacency Losses
on page 176
Copyright © 2018, Juniper Networks, Inc.170
Broadband Subscriber ManagementWholesale Feature Guide
Configuring the ANCP Agent for ANCP-Triggered, Autosensed Dynamic VLANs
Starting in Junos OS Release 16.1R4, you can configure the ANCP agent to associate a
neighborwithanaccess-facingphysical interface for thecreationofautosenseddynamic
VLANs on the interface. When the ANCP agent receives a Port Upmessage from the
neighbor, it triggers notification to the autoconfd daemon to initiate the detection,
authorization, and creation of dynamic VLANs. Receipt of an out-of-band ANCP Port
Downmessage triggers notification to the autoconfd daemon to initiate the destruction
of an existing VLAN on the interface.
This configuration assumes the following:
• The dynamic profile is configured to instantiate a dynamic VLANwhen notified by the
ANCP agent that it has received an out-of-band ANCP Port Upmessage.
• The RADIUS authentication server is properly configured to authorize the VLANs and
apply services as needed.
• TheANCPagent is configured to initiate interimaccountingupdates (whichalsoenables
immediate interim accounting updates) in response to information received in Port Up
messages.
Tomap a neighbor to a physical interface for autosensed dynamic VLANs:
• Specify the physical interface name.
[edit protocols ancp]user@host# set auto-configure-trigger interface physical-interface-name
Release History Table DescriptionRelease
Starting in Junos OS Release 16.1R4, you can configure the ANCP agent toassociateaneighborwithanaccess-facingphysical interface for the creationof autosensed dynamic VLANs on the interface.
16.1R4
RelatedDocumentation
Configuring the ANCP Agent•
• Configuring ANCP Neighbors on page 169
• ANCP and the ANCP Agent Overview
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
• Configuring Out-of-Band ANCPMessages to Trigger Dynamic VLAN Instantiation on
page 173
171Copyright © 2018, Juniper Networks, Inc.
Chapter 9: Configuring ANCP-Triggered Layer 2Wholesale Services
Configuring aUsername forAuthenticationofOut-of-BandTriggeredDynamicVLANs
Whenasubscriber logs in, theAccess-Requestmessage that is sent to theRADIUSserver
includes a username and optionally a password generated locally on the router to
authenticate the subscriber during theVLANauthorizationprocess. For aLayer 2network
that iswholesaled toa retailerwhere thedynamicVLANsare instantiatedbyout-of-band
ANCP Port Upmessages, you can configure the router to create a unique usernamewith
the value of the ANCP TLVs—Access-Loop-Circuit-ID, Access-Loop-Remote-Id, or
both—as received in the ANCP Port Upmessage from the access node.
This configuration assumes the following:
• The ANCP agent is configured to notify AAA when it receives ANCP Port Up and Port
Downmessages.
• The dynamic profile is configured to instantiate a dynamic VLANwhen notified by the
ANCP agent that it has received an out-of-band ANCP Port Upmessage.
• The RADIUS authentication server is properly configured.
To include ANCP TLVs in the authentication username
1. (Optional) Specify inclusion of the Access-Loop-Circuit-ID TLV value.
[edit interfaces ge-0/0/0 auto-configure vlan-ranges username-include]user@host# set circuit-id
2. (Optional) Specify inclusion of the Access-Loop-Remote-ID TLV value.
[edit interfaces ge-0/0/0 auto-configure vlan-ranges username-include]user@host# set remote-id
NOTE: This ANCP information is not supported in stacked VLANs.
NOTE: You can use any of the attributes available to the username-include
statement, except:mac-address, option-18, option-37, and option-82.
You can include other information in the username as for conventional autosensed
dynamicVLANs.Alternatively, if youconfigure the router to conveyANCP-sourcedaccess
loop attributes as Juniper Networks VSAs—in this case Acc-Loop-Cir-Id (26-110) and
Acc-Loop-Remote-Id (26-182)—theAccess-Requestmessage includes sufficient unique
access line information for the RADIUS server to determine whether the access loop is
wholesaled to a retailer or retained for the wholesaler.
RelatedDocumentation
Configuring VLAN Interface Username Information for AAA Authentication•
• Configuring Out-of-Band ANCPMessages to Trigger Dynamic VLAN Instantiation on
page 173
Copyright © 2018, Juniper Networks, Inc.172
Broadband Subscriber ManagementWholesale Feature Guide
• Configuring the ANCP Agent for ANCP-Triggered, Autosensed Dynamic VLANs on
page 171
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
Configuring Out-of-Band ANCPMessages to Trigger Dynamic VLAN Instantiation
The instantiation of conventional autosensed dynamic VLANs is triggered by in-band
PPPoE or DHCP control packets that the Packet Forwarding Engine exceptions to the
Routing Engine. AVLAN is authorized basedon information extracted fromspecific fields
and created according to a dynamic profile assigned to the VLAN range or stacked VLAN
range.
Anotherway to instantiateanautosenseddynamicVLAN iswith theprocessingofpackets
from an out-of-band protocol, ANCP. The out-of-band protocol method is useful where
the traffic receivedmight not be PPPoE or DHCP, such as in a Layer 2wholesale scenario,
where the traffic for an entire outer VLAN is wholesaled to a retailer and the VLANs are
based on access line identifiers.
For thismethod, youconfigure thedynamicprofile toacceptpackets fromtheout-of-band
protocol. The dynamic profile is on an access-facing physical interface and is associated
with a VLAN range available for the autosensed VLANs.
This configuration assumes the following:
• The dynamic profile is configured to instantiate a dynamic VLANwhen notified by the
ANCP agent that it has received an out-of-band ANCP Port Upmessage.
• The RADIUS authentication server is properly configured to authorize the VLANs and
apply services as needed.
• The ANCP agent is configured to notify AAA when it receives ANCP Port Up and Port
Downmessages.
• TheANCPagent is configured to initiate interimaccountingupdates (whichalsoenables
immediate interim accounting updates) in response to information received in Port Up
messages.
NOTE: Out-of-band triggering is supported only for single-tag VLANs; it isnot supported for stacked VLANs.
To configure the instantiation of autosensed dynamic VLANs by out-of-band ANCP
packets:
• Specify that ANCP packets are accepted.
[edit interfaces interface-nameauto-configurevlan-rangesdynamic-profileprofile-name]user@host# set accept-out-of-band ancp
173Copyright © 2018, Juniper Networks, Inc.
Chapter 9: Configuring ANCP-Triggered Layer 2Wholesale Services
RelatedDocumentation
Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99•
• Configuring the ANCP Agent for ANCP-Triggered, Autosensed Dynamic VLANs on
page 171
• Configuring VLAN Interface Username Information for AAA Authentication
• Configuring an Interface to Use the Dynamic Profile Configured to Create Single-Tag
VLANs
Triggering ANCPOAM to Simulate ANCP Port Down and Port UpMessages
You can trigger ANCP OAM to simulate the sending of an ANCP Port-Down or Port-Up
message. Typically you use this feature only when troubleshooting an ANCP issue or to
mitigate an error condition when ANCP is not operating normally.
When you issue either the request ancp oam port-down command or the request ancp
oam port-up command from operational mode, youmust specify either an IP address
for an ANCP neighbor or the physical interface used for subscriber access. Youmust also
specify all of the following; all three are required together to identify the access node:
• circuit-id aci—ANCP Access-Loop-Circuit-ID TLV
• remote-id ari—ANCP Access-Loop-Remote-ID TLV
• outer-vlan-id vlan-id—ANCP Access-Aggregation-Circuit-ID-Binary TLV
You can use the request ancp oam port-up command to trigger reauthorization and
re-creation of the dynamic VLAN session and logical interface that is supporting Layer
2 wholesale after they have been removed by any of the following:
• Issuance of the clear network-access aaa subscriber command.
• Receipt of a RADIUS disconnect message that does not include the RADIUS
Acct-Terminate-Cause attribute (49).
• Action by the ANCP agent.
The previous instance of the VLAN can be either ANCP-triggered (a wholesaled VLAN)
or a conventionally autosensed dynamic VLAN (an access-provider-owned VLAN).
If no access line parameters are available fromANCP for a given access line, you can use
the request ancp oamport-up command as a test mechanism to trigger authorization of
a dynamic VLAN session and logical interface. The session and interface are created
when a RADIUS Access-Accept message is subsequently received.
These commands have no effect on conventionally autosensed dynamic VLANs (for the
access provider’s own subscriber sessions) that havematching access loop attributes.
Copyright © 2018, Juniper Networks, Inc.174
Broadband Subscriber ManagementWholesale Feature Guide
NOTE: Genuine ANCP Port-Down and Port-Upmessages take precedenceover thesesimulatedmessages.Thismeans thatwhenaPort-Downmessagehas already been received, you cannot use the request ancp oam port-up
command to initiate the Port-Up condition. When a Port-Upmessage hasalready been received, you cannot use the request ancp oam port-down
command to initiate the Port-Down condition.
You can use the request ancp oam port-down command to trigger removal of the
ANCP-triggered, autosensed, dynamicVLANthat corresponds to the specifiedattributes.
The typical use for this command is to remove the VLAN created by sending a request
ancp oam port-up command.
To simulate an ANCP Port Upmessage:
• Identify the loop by the neighbor’s IP address or the access-facing physical interface,
and the ACI, ARI, and outer VLAN ID.
user@host> request ancp oam port-up neighbor 192.168.32.5 circuit-id line-aci-1remote-id line-ari-1 outer-vlan-id 126
user@host> requestancpoamport-upsubscriber-interfacege-1/0/1circuit-id line-aci-1remote-id line-ari-1 outer-vlan-id 126
To simulate an ANCP Port Downmessage:
• Identify the loop by the neighbor’s IP address or the access-facing physical interface,
and the ACI, ARI, and outer VLAN ID.
user@host> request ancp oam port-down neighbor 192.168.32.5 circuit-id line-aci-1remote-id line-ari-1 outer-vlan-id 126
user@host> request ancp oam port-down subscriber-interface ge-1/0/1 circuit-idline-aci-1 remote-id line-ari-1 outer-vlan-id 126
To verify the operation of either request, you can enter the following commands before
and after initiating the Port Down or Port Upmessage:
• show subscribers client-type vlan-oob detail—Subscriber information is displayed for
the VLAN on Port UP, or disappears on Port Down.
• show subscribers summary—The VLAN-OOB counter reflects the creation or removal
of the VLAN-OOB session by incrementing (Port Up) or decrementing (Port Down).
• show l2-routing-instance routing-instance-name—The VLAN counters reflect to reflect
the creation or removal of the VLAN-OOB session by incrementing (Port Up) or
decrementing (Port Down).
RelatedDocumentation
Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99•
175Copyright © 2018, Juniper Networks, Inc.
Chapter 9: Configuring ANCP-Triggered Layer 2Wholesale Services
Configuring the ANCP Agent to Dampen the Effects of Short-TermAdjacency Losses
By default, the ANCP agent treats a loss of adjacency as if it has received a Port Down
message for every access loop that is representedby theadjacency. All Layer 2wholesale
sessionsare loggedoutandcleanedup. If theassociatedphysical interface is in theDown
state, thenpending sessions cannotbe reestablishedwhen the interface transitionsback
to the Up state.
You can configure the ANCP agent tomaintain the corresponding ANCP-triggered Layer
2 wholesale sessions for a configurable period in the event that an ANCP adjacency is
lost. If the adjacency is restored before the timer expires, the session continues. If the
timer expires before the adjacency is restored, then the session is loggedout and cleaned
up. This behavior dampens the effect of unstable ANCP connections. The hold timer can
also detect when an access line is unconfigured on a neighbor and trigger logout and
cleanup of the related sessions.
NOTE: The default value of the timer is 0, whichmeans that the loss ofneighbor adjacency immediately triggers a logout of all corresponding Layer2 wholesale sessions.
To configure how long the ANCP agent maintains sessions in the event of an adjacency
loss for any neighbor:
• Specify the hold timer duration in seconds.
[edit protocols ancp]user@host# set adjacency-loss-hold-time seconds
To configure how long the ANCP agent maintains sessions in the event of an adjacency
loss for a specific neighbor:
• Specify the hold timer duration in seconds.
[edit protocols ancp neighbor ip-address]user@host# set adjacency-loss-hold-time seconds
RelatedDocumentation
Configuring the ANCP Agent•
• Configuring ANCP Neighbors on page 169
• ANCP and the ANCP Agent Overview
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
Copyright © 2018, Juniper Networks, Inc.176
Broadband Subscriber ManagementWholesale Feature Guide
Reestablishing Pending Access Line Sessions for Layer 2Wholesale
The access lines for ANCP-triggered, Layer 2 wholesale sessions can transition to a
pending state after an ANCP adjacency loss when the inner VLAN ID swap range has
beenexhaustedof tagsandnoother eligible core-facingphysical interfacesareavailable.
Typically, the sessions are reestablished whenmore VLAN IDs are made available, such
as by extending the swap range, or more interfaces are available, such as by
reconfiguration.Whenthatdoesnothappen, youcanmanually initiate the reestablishment
process by issuing the request auto-configuration reconnect-pending command.
Tomanually reestablish sessions for which the corresponding access lines are in the
pending state:
• Specify the routing instance with the reconnection request.
user@host> request auto-configuration reconnect-pending
RelatedDocumentation
Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99•
ConfiguringMultipleNon-OverlappingVLANRangesforCore-FacingPhysical Interfaces
You can configure up to 32 non-overlapping inner VLAN ID swap ranges for each
core-facingphysical interface inaLayer 2wholesalenetworkwithVLAN-OOBsubscribers.
VLAN IDs from the ranges are allocated to replace the outer VLAN tag on traffic received
on the access-facing physical interfaces. The swap occurs before the subscriber traffic
is forwarded to the network service provider (NSP).
You can add or remove ranges or increase or decrease the size of existing ranges even
while Layer 2 wholesale sessions are assigned to the core-facing interface associated
with the ranges. You cannot remove a range fromwhich a VLAN ID has already been
allocated. You cannot reduce a range if the new range excludes a VLAN ID that has
already been allocated.
To configure multiple ranges per interface:
• Specify the ranges.
user@host# set interfaces interface-name unit logical-unit-numberinner-vlan-id-swap-ranges low-inner-tag1–high-inner-tag1
user@host# set interfaces interface-name unit logical-unit-numberinner-vlan-id-swap-ranges low-inner-tag2–high-inner-tag2
user@host# set interfaces interface-name unit logical-unit-numberinner-vlan-id-swap-ranges low-inner-tag3–high-inner-tag3
...
You can configure the ranges in any order. For example, one way to configure three
non-overlapping ranges on interface ge-0/1/1 is the following:
[edit]user@host# set interfaces ge-0/1/1 unit 0 inner-vlan-id-swap-ranges 70-80user@host# set interfaces ge-0/1/1 unit 0 inner-vlan-id-swap-ranges 100-120
177Copyright © 2018, Juniper Networks, Inc.
Chapter 9: Configuring ANCP-Triggered Layer 2Wholesale Services
user@host# set interfaces ge-0/1/1 unit 0 inner-vlan-id-swap-ranges 10-60
Regardlessof theorder of configuration, showcommandsdisplay the ranges inascending
order from lowest to highest:
user@host> show interfaces ge-0/1/1description "ISP 1 core-facing PE1";encapsulation ethernet-vpls;unit 0 { inner-vlan-id-swap-ranges [10-60 70-80 100-120];...
RelatedDocumentation
•
Clearing ANCP Access Loops
You can force a reset of a particular Layer 2 wholesale connection while the access loop
isoperationallyupby issuing theclearancpaccess-loopcommand.Thecommand initiates
logout of an ANCP-triggered, dynamic VLAN session, which includes issuing RADIUS
Accounting-Stopmessages for the session, and removal of the dynamic VLAN logical
interface and active services. After the session is cleaned up, the command initiates
re-authorization of the dynamic VLAN session, simulating receipt of an ANCP Port Up
message. The session may then be recreated.
Youmust identify the access loop by either the IP address of the ANCP neighbor or the
name of the subscriber-facing physical interface. Youmust also specify one or more of
the following additional identifiers for the access loop:
• circuit-id—The value of the ANCP Access-Loop-Circuit-ID TLV.
• remote-id—The value of the ANCP Access-Loop-Remote-ID TLV.
• outer-vlan-id—The value of the ANCP Access-Aggregation-Circuit-ID-binary TLV.
NOTE:
The clear ancp access-loop command has no effect in the following
circumstances:
• Theaccess line is reported tobedown, as indicatedbyanANCPPortDownmessage, when the command is issued.
• An ANCP Port Downmessage is received for the access line while thedynamic VLAN logical interface and the services are being removed. In thiscase, re-authorization of the dynamic VLAN cannot take place until anANCP Port Upmessage is received for that access line.
• AconventionallyautosenseddynamicVLAN(for theaccessprovider’sownsubscriber sessions) hasmatching access loop attributes. In this case, theLayer2wholesaleaccess line forwhich thecommand is intended is cleared,but the other VLAN, for sessions owned by the access-provider, is clearedas expected.
Copyright © 2018, Juniper Networks, Inc.178
Broadband Subscriber ManagementWholesale Feature Guide
To clear an ANCP access loop:
• Identify the loop by the neighbor’s IP address or the access-facing physical interface,
and one or more of the ACI, ARI, and outer VLAN ID.
user@host>clearancpaccess-loopneighbor 192.168.32.5circuit-id line-aci-1 remote-idline-ari-1 outer-vlan-id 126
user@host> clear ancp access-loop subscriber-interface ge-1/0/1 circuit-id line-aci-1remote-id line-ari-1 outer-vlan-id 126
RelatedDocumentation
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
179Copyright © 2018, Juniper Networks, Inc.
Chapter 9: Configuring ANCP-Triggered Layer 2Wholesale Services
Copyright © 2018, Juniper Networks, Inc.180
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 10
Configuring Flat-File Accounting for Layer2 Wholesale Services
• Flat-File Accounting Overview on page 181
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services
Management on page 189
• Configuring Service Accounting in Local Flat Files on page 193
Flat-File Accounting Overview
Accounting statistics can be collected from the Packet Forwarding Engine and reported
in an XML flat file, which both contains and describes the data. Starting in Junos OS
Release 16.1R4, you can use a flat-file profile that acts as a template to define attributes
for accounting flat files.
Subscriber service accounting statistics are typically collected based on RADIUS
Acct-Start and Acct-Stopmessages that are sent to a RADIUS server individually or in
bulk. Starting in Junos OS Release 17.1R1, you can alternatively configure
service-filter-based accounting statistics to be recorded per subscriber in a local flat file
that is not automatically forwarded to a RADIUS server. This configuration collects the
running total service statistics per interface family. Service accounting is initiated when
the service profile is attached to the interface, whether by a static configuration or a
RADIUS Change of Authorization (CoA)message.
When the accounting file is created, a file header is also created if the file format is IP
Detail Record (IPDR).Theheader is not created if the format is comma-separatedvariable
(CSV). The file header includes the following information:
• XMLnamespace—Static link to theWorldWideWebConsortium(W3C)organization’s
XML Schema Instance (XSI) definition.
• Schema version—Configurable name of the schema that defines the information
conveyed in the accounting file. The schema version is associated with a specific XML
format and output based on the flat-file profile configuration that is used for the
business purpose. This structure enables the XML-formatted contents of the file to be
correctly interpreted by the service provider’s external file processor.
181Copyright © 2018, Juniper Networks, Inc.
• NAS ID—Nameof theBNGhost (networkaccessserver)where theaccountingstatistics
are collected.
• File creation timestamp—UTC time zone date and time when the accounting file was
created.
• File ID—Number identifying the file. The ID is incremented when a new accounting file
is created and can range from 1 through 2,147,483,647.
For example, consider the following sample header for an accounting file for Extensible
Subscriber Services Manager (ESSM) business subscribers:
<BNGFile xmlns:xsi=http://"www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BNG_IPDR_20130423.xsd" NAS-ID="host-mx480-x5"
FileCreationTimeStamp="2015-10-09T08:25:50" FileID=”29”><IPDR>…………</IPDR></BNGFile>
Table 13 on page 182 lists the elements and their values in the sample header.
Table 13: Value of Elements in Sample Accounting Flat File XML Header
ValueHeader ElementDescription
:xsi=http://"www.w3.org/2001/XMLSchema-instance"xmlnsXMLnamespace
BNG_IPDR_20130423.xsdxsi:noNamespaceSchemaLocationschemaversion
host-mx480-x5NAS-IDNAS ID
2015-10-09T08:25:50FileCreationTimeStampfile creationtimestamp
29FileIDFile ID
You can configure the following options for flat-file accounting at the [edit
accounting-options file filename] hierarchy level:
• Maximum size of the accounting file.
• Number of files that are saved before overwriting.
• One or more sites where the files are sent for archiving.
• Frequency at which the files are transferred to an archive site.
• Start time for file transfer.
• Compression for the transferred files.
• Local backup on the router for files when transfer fails.
Copyright © 2018, Juniper Networks, Inc.182
Broadband Subscriber ManagementWholesale Feature Guide
• Whether accounting files are saved when a change in mastership occurs for both the
newmaster Routing Engine and the new backup Routing Engine or for only the new
master Routing Engine.
• How long files are kept before being deleted from the local backup directory.
You can also create one or more flat-file profiles at the [edit accounting-options
flat-file-profileprofile-name]hierarchy level that act as templates to specify the following
attributes for new accounting files when they are created:
• Statistics fields that you want to collect, such as egress statistics or ingress statistics
fields.
• Name and format of the accounting file.
• Frequency at which the Packet Forwarding Engine is polled for the statistics.
• Schema version.
Archive sites provide security and storage for the accounting files, which are transferred
at regular intervals. Whenmore than one archive site is configured, the router attempts
to transfer the files to the first site on the list. If that fails, the router tries each of the other
sites in turn until the transfer either succeeds for one site or fails for all sites. If you
configure the last site in the list to be a local directory on the router rather than another
remote site, then the files are backed up locally if all remote sites fail. The failed files are
simply stored in the designated site. They are not automatically resubmitted to the
archival sites. Youmust use an event script or some other means to have these files
resubmitted. Any files remaining in the local directory are deleted when the
cleanup-interval expires.
Alternatively, youcanuse thebackup-on-failure statementat the [editaccounting-options
file filename] hierarchy level to back up the files locally if all the remote attempts fail. If
that occurs, the router compresses the accounting files and backs them up to the
/var/log/pfedBackup/directory.Whenever anyof thearchive sites is reachable, the router
attempts to transfer the data from /var/log/pfedBackup/ to that site in compressed
format. If the transfer of the backed-up files to the reachable site fails, the system tries
to transfer the files to any other site that becomes reachable during the transfer interval.
Any files that fail to transfer are compressed and kept in /var/log/pfedBackup/ until an
archival site is reachable and the files are successfully transferred. Any files that remain
in that directory are deleted when the cleanup-interval expires.
BEST PRACTICE: Use the backup-on-failure feature to reliably and
automaticallybackupfilesand retransmit themtoarchives rather than relyingon a local site listed as the last archive site.
If thebackupRoutingEnginedoesnothaveaccess to thearchive site—for example,when
the site is not connected bymeans of an out-of-band interface or when the path to the
site is routed through a line card—you can ensure that the backup Routing Engine’s
accounting files are backed up by using the push-backup-to-master statement at the
[edit accounting-options file filename] hierarchy level. When a change in mastership
183Copyright © 2018, Juniper Networks, Inc.
Chapter 10: Configuring Flat-File Accounting for Layer 2Wholesale Services
occurs, the new backup Routing Engine saves its files to the /var/log/pfedBackup/
directory. Themaster Routing Engine subsequently includes these files when it sends its
own accounting files to the archive site at every transfer interval.
To conserve resources during transfer of accounting files and at the archive site, use the
compress statement at the [edit accounting-options file filename] hierarchy level to
compress the files when they are transferred. This option is disabled by default.
A system logging message is generated when a transfer succeeds (transfer-file:
Transferred filename) or fails (transfer-file failed to transfer). In the event of a failure, an
error message is logged to indicate the nature of the failure.
Release History Table DescriptionRelease
Starting in Junos OS Release 17.1R1, you can alternatively configureservice-filter-based accounting statistics to be recorded per subscriber in alocal flat file that is not automatically forwarded to a RADIUS server.
17.1R1
Starting in Junos OS Release 16.1R4, you can use a flat-file profile that acts asa template to define attributes for accounting flat files.
16.1R4
RelatedDocumentation
Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
•
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Service Accounting in Local Flat Files on page 193
• Configuring Accounting-Data Log Files
Copyright © 2018, Juniper Networks, Inc.184
Broadband Subscriber ManagementWholesale Feature Guide
Configuring Flat-File Accounting for Layer 2Wholesale
Flat-fileaccounting is typicallyused for recordingaccountingstatisticson logical interfaces
for Extensible Subscriber Services Manager (ESSM) business subscribers. However,
starting in Junos OS Release 16.1R4, you can also use flat-file accounting to collect and
archive various accounting statistics for your Layer 2 wholesale environment. You do this
by creating a flat-file profile and applying it to a core-facing physical interface.
You can also configure a flat-file profile tomonitor and report Layer 2multicast statistics;
you assign this profile to the logical interface configured on the core-facing physical
interface. This approach enables you to have separate accounting files that overlap in
content only in the non-statistical, general parameters. The Layer 2 multicast statistics
are available only when the encapsulation on the logical interface is ethernet-vpls.
You can configure multiple accounting profiles with different combinations of fields for
specific accounting requirements, and then assign the profiles as needed to provisioned
interfaces to satisfy the accounting requirements for each interface depending on how
the interface is used.
A given flat-file profile can be assigned to both use cases; for example, by specifying
all-fields for a global or group level. In this case, the fields you configure appear in the
accounting record only if they make sense in the context.
BESTPRACTICE: We recommend you use separate flat-file profiles for Layer2 wholesale core-facing physical interfaces and ESSM business subscriberlogical interfaces.
Somestatistics andgeneral parameter fieldsareavailable either only for logical interfaces
oronly for physical interfaces. Theaccounting-type, line-id,nas-port-id, and vlan-idgeneral
parameters are not available for core-facing physical interfaces. Because the core-facing
physical interfaces carry Layer 2 cross-connected sessions, no useful IPv6 statistics are
available. Accordingly, do not configure the input-v6-bytes, input-v6-packets,
output-v6-bytes, or output-v6-packets overall packet fields.
To configure flat-file accounting for a Layer 2 wholesale network:
1. Create a flat-file profile.
[edit accounting-options]user@host# edit flat-file-profile profile-name
2. (Optional) Configure the name of the XML schema for the accounting flat file.
[edit accounting-options flat-file-profile profile-name]user@host# set schema-version schema-name
3. Specify the filename for the accounting file.
[edit accounting-options flat-file-profile profile-name]user@host# set file accounting-filename
185Copyright © 2018, Juniper Networks, Inc.
Chapter 10: Configuring Flat-File Accounting for Layer 2Wholesale Services
4. Specify thegeneral, nonstatistical parameters for theaccounting file thataredisplayed
as part of the accounting record header.
[edit accounting-options flat-file-profile profile-name fields]user@host# set general-param option
BESTPRACTICE: We recommend that you include the general parameterall-fields option for both core-facing physical interfaces and, when you
are collecting Layer 2multicast statistics, on the logical interface thatrepresents the physical interface.
5. Specify the accounting statistics that are collected and recorded in the accounting
file for the core-facing physical interface.
[edit accounting-options flat-file-profile profile-name fields]user@host# set egress-stats optionuser@host# set ingress-stats optionuser@host# set overall-packet option
BESTPRACTICE: Werecommend that you include the following statisticsfields in flat-file profiles for core-facing physical interfaces:
• Egress statistics fields: all-fields
• Ingress statistics fields: all-fields
• Overall packet fields: input-bytes, input-discards, input-errors,
input-packets, output-bytes, output-errors, output-packets
6. (Optional) For Layer 2 multicast statistics, specify the accounting statistics that are
collected and recorded in the accounting file for the logical interface representing the
core-facing physical interface.
[edit accounting-options flat-file-profile profile-name fields]user@host# set l2-stats option
BESTPRACTICE: Werecommend that you include the following statisticsfields in flat-file profiles for logical interfaces on the core-facing physicalinterfaces:
• Layer 2 statistics fields: all-fields
7. (Optional) Specify the format of the accounting file.
[edit accounting-options flat-file-profile profile-name]user@host# set format (csv | ipdr)
Copyright © 2018, Juniper Networks, Inc.186
Broadband Subscriber ManagementWholesale Feature Guide
8. (Optional) Specify the interval at which the Packet Forwarding Engine associated
with the interface is polled for the statistics specified in the profile.
[edit accounting-options flat-file-profile profile-name]user@host# set intervalminutes
NOTE: When you do not configure this option, the polling interval is 15minutes.
9. Configure the maximum size of the accounting file.
[edit accounting-options file filename]user@host# set size bytes
10. Configure one or more archive sites for the files.
[edit accounting-options file filename]user@host# set archive-sites site-name
The site-name is any valid FTPor Secure FTPURL.When the file is archived, the router
attempts to transfer the file to the archive site. If you have specified more than one
site, it tries the first site in the list. If that fails, it tries each site in turn until a transfer
succeeds The log file is stored at the archive site with a filename of the format
router-name_log-filename_timestamp. The last site in a list is often a local directory, in
case no remote site is reachable.
11. (Optional) Configure the start time for transferring files.
[edit accounting-options file filename]user@host# set start-time YYYY-MM-DD.hh:mm
12. (Optional) Configure how frequently the file is transferred.
[edit accounting-options file filename]user@host# set transfer-intervalminutes
NOTE: When you do not configure this option, the file is transferred every30minutes.
13. (Optional) Configure the maximum number of files (3 through 1000) to save.
[edit accounting-options file filename]user@host# set files number
NOTE: When you do not configure this option, a maximum of 10 files aresaved.
187Copyright © 2018, Juniper Networks, Inc.
Chapter 10: Configuring Flat-File Accounting for Layer 2Wholesale Services
14. (Optional) Configure the router to save a backup copy of the accounting file to the
/var/log/pfedBackup directory if the normal transfer of the files to the archive sites
fails.
[edit accounting-options file filename]user@host# set backup-on-failure
NOTE: When you do not configure this option, the file is saved on failureinto the local directory specified as the last site in the list of archive sites.
15. (Optional)Configure theaccounting file tobecompressedduring transfer toanarchive
site.
[edit accounting-options file filename]user@host# set compress
16. (Optional) Configure the router’s new backup Routing Engine to send its accounting
file to the /var/log/pfedBackup directory on the newmaster Routing Engine when a
change in mastership occurs.
[edit accounting-options file filename]user@host# set push-backup-to-master
17. (Optional) Configure the number of days after which accounting files are deleted
from the local backup directory.
[edit accounting-options]user@host# set cleanup-interval days
NOTE: Files are retained for 1 day if you do not configure this option.
18. Assign the profile to the relevant interface.
For the core-facing physical interface:
[edit interfaces physical-interface-name]user@host# set accounting-profileflat-file-profile-name
For the logical interface representing the core-facing physical interface:
[edit interfaces physical-interface-name unit logical-unit-number]user@host# set accounting-profileflat-file-profile-name
Copyright © 2018, Juniper Networks, Inc.188
Broadband Subscriber ManagementWholesale Feature Guide
Release History Table DescriptionRelease
However, starting in Junos OS Release 16.1R4, you can also use flat-fileaccounting tocollectandarchivevariousaccountingstatistics for yourLayer2 wholesale environment.
16.1R4
RelatedDocumentation
Configuring Accounting-Data Log Files•
• Flat-File Accounting Overview on page 181
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
Configuring Flat-File Accounting for Extensible Subscriber Services Management
Flat-file accounting is typically used to collect and archive various accounting statistics
on logical interfaces for Extensible Subscriber Services Manager (ESSM) business
subscribers. Other applications include accounting forwholesaler and retailer subscriber
activity in a Layer 2 wholesale environment. Starting in Junos OS Release 16.1R4, you can
create a flat-file profile to use as a template to define attributes for accounting flat files.
The profile specifies the following:
• The statistics fields that are collected.
• The filename where the statistics are logged.
• The format of the file, the interval at which the statistics are collected.
• The name of the XML schema file that specifies the contents of the accounting file.
You can configure multiple accounting profiles with different combinations of fields for
specific accounting requirements, and then assign the profiles as needed to provisioned
interfaces to satisfy the accounting requirements for each interface depending on how
it is used.
A given flat-file profile can be assigned to both use cases; for example, by specifying
all-fields for a global or group level. In this case, the fields you configure appear in the
accounting record only if they make sense in the context.
BESTPRACTICE: Werecommendyouuseseparate flat-fileprofiles forESSMbusiness subscriber logical interfaces and Layer 2 wholesale core-facingphysical interfaces.
To configure flat-file accounting for ESSM business services:
1. Create a flat-file profile.
[edit accounting-options]
189Copyright © 2018, Juniper Networks, Inc.
Chapter 10: Configuring Flat-File Accounting for Layer 2Wholesale Services
user@host# edit flat-file-profile profile-name
2. (Optional) Configure the name of the XML schema for the accounting flat file.
[edit accounting-options flat-file-profile profile-name]user@host# set schema-version schema-name
3. Specify the filename for the accounting file.
[edit accounting-options flat-file-profile profile-name]user@host# set file accounting-filename
4. Specify thegeneral, nonstatistical parameters for theaccounting file thataredisplayed
as part of the accounting record header.
[edit accounting-options flat-file-profile profile-name fields]user@host# set general-param option
BEST PRACTICE: We recommend that you include the following generalparameter fields in flat-file profiles for ESSM subscribers:
• Generalparameter fields:accounting-type,descr, line-id, logical-interface,
nas-port-id, timestamp, and vlan-id
5. Specify the accounting statistics that are collected and recorded in the accounting
file.
[edit accounting-options flat-file-profile profile-name fields]user@host# set egress-stats optionuser@host# set ingress-stats option;user@host# set overall-packet option;
BESTPRACTICE: Werecommend that you include the following statisticsfields in flat-file profiles for core-facing physical interfaces:
• Egress statistics fields: all-fields
• Ingress statistics fields: all-fields
• Overall packet fields: all-fields
6. (Optional) Specify the format of the accounting file.
[edit accounting-options flat-file-profile profile-name]user@host# set format (csv | ipdr)
7. (Optional) Specify the interval at which the Packet Forwarding Engine associated
with the interface is polled for the statistics specified in the profile.
[edit accounting-options flat-file-profile profile-name]
Copyright © 2018, Juniper Networks, Inc.190
Broadband Subscriber ManagementWholesale Feature Guide
user@host# set intervalminutes
NOTE: When you do not configure this option, the polling interval is 15minutes.
8. Configure the maximum size of the accounting file.
[edit accounting-options file filename]user@host# set size bytes
9. Configure one or more archive sites for the files.
[edit accounting-options file filename]user@host# set archive-sites site-name
The site-name is any valid FTPor Secure FTPURL.When the file is archived, the router
attempts to transfer the file to the archive site. If you have specified more than one
site, it tries the first site in the list. If that fails, it tries each site in turn until a transfer
succeeds. The log file is stored at the archive site with a filename of the format
router-name_log-filename_timestamp. The last site in a list is often a local directory, in
case no remote site is reachable.
10. (Optional) Configure the start time for transferring the file.
[edit accounting-options file filename]user@host# set start-time YYYY-MM-DD.hh:mm
11. (Optional) Configure how frequently the file is transferred.
[edit accounting-options file filename]user@host# set transfer-intervalminutes
NOTE: When you do not configure this option, the file is transferred every30minutes.
12. (Optional) Configure the maximum number of files (3 through 1000) to save.
[edit accounting-options file filename]user@host# set files number
NOTE: When you do not configure this option, a maximum of 10 files aresaved.
13. (Optional) Configure the router to save a backup copy of the accounting file to the
/var/log/pfedBackup directory if the normal transfer of the files to the archive sites
191Copyright © 2018, Juniper Networks, Inc.
Chapter 10: Configuring Flat-File Accounting for Layer 2Wholesale Services
fails. Specify whether only the current file form themaster Routing Engine is saved or
both that file and the file from the backup Routing Engine.
[edit accounting-options file filename]user@host# set backup-on-failure (master-and-slave | master-only)
NOTE: When you do not configure this option, the file is saved on failureinto the local directory specified as the last site in the list of archive sites.
14. (Optional)Configure theaccounting file tobecompressedduring transfer toanarchive
site.
[edit accounting-options file filename]user@host# set compress
15. (Optional) Configure the router’s new backup Routing Engine to send its accounting
file to the /var/log/pfedBackup directory on the newmaster Routing Engine when a
change in mastership occurs.
[edit accounting-options file filename]user@host# set push-backup-to-master
16. (Optional) Configure the number of days after which accounting files are deleted
from the local backup directory.
[edit accounting-options]user@host# set cleanup-interval days
NOTE: Files are retained for 1 day if you do not configure this option.
17. Assign the profile to an ESSM subscriber.
[edit system services extensible-subscriber-services]user@host# set flat-file-profile flat-file-profile-name
Release History Table DescriptionRelease
Starting in Junos OS Release 16.1R4, you can create a flat-file profile touse as a template to define attributes for accounting flat files.
16.1R4
RelatedDocumentation
Configuring Accounting-Data Log Files•
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
Copyright © 2018, Juniper Networks, Inc.192
Broadband Subscriber ManagementWholesale Feature Guide
Configuring Service Accounting in Local Flat Files
Starting in Junos OS Release 17.1R1, you can configure flat-file accounting to collect
service statistics for subscribersand report thosestatistics toa local file. This configuration
collects the running total service statistics per interface family. Because the statistics
are maintained in the Routing Engine in a statistics database, they are not affected by a
line-card restart, a graceful Routing Engine switchover, or a unified in-service software
upgrade (ISSU). The statistics counters are reset when the router reboots.
To configure local flat-file accounting for services:
1. Configure the subscriber access profile to report service accounting records in a local
flat file.
[edit access profile profile-name]user@host# set service accounting-order local
NOTE: Whenyouconfigure local, theCLIchecksatcommit that the flat-file
profile is configured under [edit access profile profile-name local].
Alternatively, youcanset theserviceaccountingorder toactivation-protocol
instead of local:
user@host# set service accounting-order activation-protocol
Use this option only when you plan to activate the service bymeans ofthe CLI configuration or a command. In this case, the CLI does not checkfor the flat-file profile to be configured. If the profile is not configured, nostatistics are collected.
NOTE: When you configure the local option, both volume and time
statistics are collected for the service accounting sessions. In this case,youmust not configure the volume-time option at the [edit access profile
profile-name service accounting statistics] hierarchy level; otherwise, an
error is generated when you commit the configuration.
2. Specify the name of the flat-file profile that is used to collect the service statistics.
[edit access profile profile-name]user@host# set local flat-file-profile flat-file-profile-name
3. Create the flat-file profile to collect the subscriber service accounting statistics and
other parameters.
[edit accounting-options]user@host# edit flat-file-profile profile-name
4. Specify the filename for the accounting file.
193Copyright © 2018, Juniper Networks, Inc.
Chapter 10: Configuring Flat-File Accounting for Layer 2Wholesale Services
[edit accounting-options flat-file-profile profile-name]user@host# set file accounting-filename
5. Specify that service accounting statistics are collected.
[edit accounting-options flat-file-profile profile-name fields]user@host# set service-accounting
6. (Optional) Specify the general, nonstatistical parameters for the accounting file that
are displayed as part of the accounting record header.
[edit accounting-options flat-file-profile profile-name fields]user@host# set general-param option
7. (Optional) Configure the name of the XML schema for the accounting flat file.
[edit accounting-options flat-file-profile profile-name]user@host# set schema-version schema-name
8. (Optional) Specify the format of the accounting file.
[edit accounting-options flat-file-profile profile-name]user@host# set format (csv | ipdr)
NOTE: When you do not configure this option, the format is ipdr.
9. (Optional) Specify the interval at which the Packet Forwarding Engine associated
with the interface is polled for the statistics specified in the profile.
[edit accounting-options flat-file-profile profile-name]user@host# set intervalminutes
NOTE: When you do not configure this option, the polling interval is 15minutes.
NOTE:
The interval value configured in the flat-file profile can be overridden byother interval values:
• The service accounting update interval configured at the edit access
profile profile-name service accounting update-interval] hierarchy level.
• An update interval value configured in the RADIUS attribute,Service-Interim-Acct-Interval (VSA 26–140). This value also overridesthe service accounting update interval.
10. Configure the maximum size of the accounting file.
Copyright © 2018, Juniper Networks, Inc.194
Broadband Subscriber ManagementWholesale Feature Guide
[edit accounting-options file filename]user@host# set size bytes
11. (Optional) Configure the maximum number of files (3 through 1000) to save.
[edit accounting-options file filename]user@host# set files number
NOTE: When you do not configure this option, a maximum of 10 files aresaved.
12. (Optional) Configure one or more archive sites for the files.
[edit accounting-options file filename]user@host# set archive-sites site-name
The site-name is any valid FTPor Secure FTPURL.When the file is archived, the router
attempts to transfer the file to the archive site. If you have specified more than one
site, it tries the first site in the list. If that fails, it tries each site in turn until a transfer
succeeds The log file is stored at the archive site with a filename of the format
router-name_log-filename_timestamp. The last site in a list is often a local directory, in
case no remote site is reachable.
13. (Optional) Configure the start time for transferring files.
[edit accounting-options file filename]user@host# set start-time YYYY-MM-DD.hh:mm
14. (Optional) Configure how frequently the file is transferred.
[edit accounting-options file filename]user@host# set transfer-intervalminutes
NOTE: When you do not configure this option, the file is transferred every30minutes.
15. (Optional) Configure the router to save a backup copy of the accounting file to the
/var/log/pfedBackup directory if the normal transfer of the files to the archive sites
fails.
[edit accounting-options file filename]user@host# set backup-on-failure
NOTE: When you do not configure this option, the file is saved on failureinto the local directory specified as the last site in the list of archive sites.
195Copyright © 2018, Juniper Networks, Inc.
Chapter 10: Configuring Flat-File Accounting for Layer 2Wholesale Services
16. (Optional)Configure theaccounting file tobecompressedduring transfer toanarchive
site.
[edit accounting-options file filename]user@host# set compress
17. (Optional) Configure the router’s new backup Routing Engine to send its accounting
file to the /var/log/pfedBackup directory on the newmaster Routing Engine when a
change in mastership occurs.
[edit accounting-options file filename]user@host# set push-backup-to-master
18. (Optional) Configure the number of days after which accounting files are deleted
from the local backup directory.
[edit accounting-options]user@host# set cleanup-interval days
NOTE: When you do not configure this option, files are retained for only 1day.
Release History Table DescriptionRelease
Starting in Junos OS Release 17.1R1, you can configure flat-file accountingto collect service statistics for subscribers and report those statistics to alocal file.
17.1R1
RelatedDocumentation
• Configuring Accounting-Data Log Files
• Flat-File Accounting Overview on page 181
Copyright © 2018, Juniper Networks, Inc.196
Broadband Subscriber ManagementWholesale Feature Guide
PART 5
Configuration Statements andOperational Commands
• Configuration Statements on page 199
• Operational Commands on page 435
197Copyright © 2018, Juniper Networks, Inc.
Copyright © 2018, Juniper Networks, Inc.198
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 11
Configuration Statements
• accept on page 203
• accept-out-of-band on page 204
• access-profile on page 205
• access-profile (Dynamic VLAN) on page 206
• access-profile (Dynamic Stacked VLAN) on page 207
• accounting-server on page 208
• active-server-group on page 209
• address on page 210
• address-assignment (Address-Assignment Pools) on page 213
• adjacency-loss-hold-time (ANCP) on page 214
• ancp on page 215
• authentication on page 217
• authentication (DHCP Local Server) on page 218
• authentication (DHCP Relay Agent) on page 219
• authentication-order on page 220
• authentication-server on page 221
• auto-configure on page 222
• auto-configure-trigger interface (ANCP) on page 223
• backup-on-failure (Accounting Options) on page 224
• circuit-id (VLAN Authentication Username) on page 225
• cleanup-interval (Accounting Options) on page 226
• compress (Accounting Options) on page 227
• connectivity-type on page 228
• core-facing on page 229
• demux0 (Dynamic Interface) on page 230
• demux-options (Dynamic Interface) on page 231
• demux-source (Dynamic IP Demux Interface) on page 232
• demux-source (Dynamic Underlying Interface) on page 233
199Copyright © 2018, Juniper Networks, Inc.
• demux-source (Underlying Interface) on page 234
• dhcp-attributes (Address-Assignment Pools) on page 235
• dhcp-local-server on page 237
• dhcp-relay on page 244
• dhcpv6 (DHCP Local Server) on page 256
• domain-name (Address-Assignment Pools) on page 260
• dynamic-profile (DHCP Local Server) on page 261
• dynamic-profile (DHCP Relay Agent) on page 262
• dynamic-profile (Dynamic PPPoE) on page 263
• dynamic-profile (Stacked VLAN) on page 264
• dynamic-profile (VLAN) on page 265
• dynamic-profiles on page 266
• egress-stats (Flat-File Accounting Options) on page 275
• encapsulation (Dynamic Interfaces) on page 277
• encapsulation (Logical Interface) on page 280
• encapsulation on page 284
• exclude (RADIUS Attributes) on page 291
• family on page 298
• family (Address-Assignment Pools) on page 303
• family (Dynamic Demux Interface) on page 304
• family (Dynamic PPPoE) on page 305
• family (Dynamic Standard Interface) on page 306
• fields (Flat-File Accounting Options) on page 308
• file (Flat-File Accounting Options) on page 310
• flat-file-profile (Accounting Options) on page 311
• flat-file-profile (Extensible Subscriber Services) on page 313
• flexible-vlan-tagging on page 314
• format (Flat-File Accounting Options) on page 315
• forwarding-options on page 316
• general-param (Flat-File Accounting Options) on page 319
• grace-period on page 320
• group (DHCP Local Server) on page 321
• group (DHCP Relay Agent) on page 324
• ingress-stats (Flat-File Accounting Options) on page 328
• inner-vlan-id (Dynamic VLANs) on page 329
• inner-vlan-id-swap-ranges on page 330
• input-vlan-map (Dynamic Interfaces) on page 331
Copyright © 2018, Juniper Networks, Inc.200
Broadband Subscriber ManagementWholesale Feature Guide
• interface (DHCP Local Server) on page 332
• interface (DHCP Relay Agent) on page 334
• interface (Dynamic Routing Instances) on page 336
• interface (Routing Instances) on page 337
• interface-mac-limit (VPLS) on page 338
• interfaces (Static and Dynamic Subscribers) on page 340
• interval (Flat-File Accounting Options) on page 345
• instance-role on page 346
• instance-type on page 347
• ip-address-first on page 349
• keepalives (Dynamic Profiles) on page 350
• l2-stats (Flat-File Accounting Options) on page 351
• mac-validate (Dynamic IP Demux Interface) on page 352
• multicast-replication on page 353
• neighbor (Define ANCP) on page 354
• no-local-switching on page 355
• no-tunnel-services on page 356
• maximum-lease-time on page 357
• overall-packet (Flat-File Accounting Options) on page 358
• output-vlan-map (Dynamic Interfaces) on page 359
• pap (Dynamic PPP) on page 360
• pool (Address-Assignment Pools) on page 361
• pool-match-order on page 362
• pop (Dynamic VLANs) on page 363
• pppoe-options (Dynamic PPPoE) on page 363
• pppoe-underlying-options (Static and Dynamic Subscribers) on page 364
• ppp-options (Dynamic PPP) on page 365
• prefix (Address-Assignment Pools) on page 366
• profile (Access) on page 367
• protocols on page 372
• proxy-arp on page 375
• proxy-arp (Dynamic Profiles) on page 376
• push (Dynamic VLANs) on page 376
• push-backup-to-master (Accounting Options) on page 377
• radius (Access Profile) on page 378
• radius-server on page 381
• range (Address-Assignment Pools) on page 382
201Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• ranges (Dynamic VLAN) on page 383
• remote-id (VLAN Authentication Username) on page 384
• route-distinguisher on page 385
• routing-instances (Dynamic Profiles) on page 387
• routing-instances (Multiple Routing Entities) on page 389
• schema-version (Flat-File Accounting Options) on page 390
• secret on page 391
• server (Dynamic PPPoE) on page 392
• server-group on page 393
• site (VPLSMultihoming for FEC 128) on page 394
• site-identifier (VPLS) on page 395
• site-range on page 396
• stacked-vlan-ranges on page 397
• stacked-vlan-tagging on page 398
• system on page 398
• traceoptions (DHCP) on page 399
• underlying-interface (demux0) on page 401
• underlying-interface (Dynamic PPPoE) on page 402
• unit on page 403
• unit (Dynamic Demux Interface) on page 410
• unit (Dynamic Profiles Standard Interface) on page 412
• unnumbered-address (Dynamic PPPoE) on page 415
• unnumbered-address (Dynamic Profiles) on page 416
• unnumbered-address (Ethernet) on page 418
• username-include on page 419
• user-prefix (DHCP Local Server) on page 420
• vlan-id (Dynamic VLANs) on page 421
• vlan-id (VLAN ID to Be Bound to a Logical Interface) on page 422
• vlan-model on page 423
• vlan-ranges on page 424
• vlan-tags on page 425
• vlan-tags (Stacked VLAN Tags) on page 426
• vpls (Routing Instance) on page 428
• vrf-export on page 430
• vrf-import on page 431
• vrf-target on page 432
Copyright © 2018, Juniper Networks, Inc.202
Broadband Subscriber ManagementWholesale Feature Guide
accept
Syntax accept (any | dhcp-v4 | dhcp-v6 | inet | inet6 | pppoe);
Hierarchy Level [edit interfaces interface-name auto-configure stacked-vlan-ranges dynamic-profileprofile-name],
[edit interfaces interface-name auto-configure vlan-ranges dynamic-profile profile-name]
Release Information Statement introduced in Junos OS Release 9.5.
dhcp-v4 option added in Junos OS Release 10.0.
dhcp-v6, inet6 and pppoe options added in Junos OS Release 10.2.
any option added in Junos OS Release 10.4.
Description Specify the type of VLAN Ethernet packet accepted by an interface that is associated
with a VLAN dynamic profile or stacked VLAN dynamic profile.
Options any—Any packet type. Specifies that any incoming packets trigger the dynamic creation
of a VLANwith properties determined by the auto-configure interface configuration
stanza and associated profile attributes. This option is used when configuring
wholesaling in a Layer 2 network.
dhcp-v4—IPv4 DHCP packet type. Specifies that incoming IPv4 DHCP discover packets
trigger the dynamic creation of a VLANwith properties determined by the
auto-configure interface configuration stanza and associated profile attributes
NOTE: The DHCP-specificmac-address and option-82 options are rejected
if the accept statement is not set to dhcp-v4.
dhcp-v6—IPv6 DHCP packet type. Specifies that incoming IPv6 DHCP discover packets
trigger the dynamic creation of a VLANwith properties determined by the
auto-configure interface configuration stanza and associated profile attributes.
inet—IPv4 Ethernet and ARP packet type.
inet6—IPv6 Ethernet packet type.
pppoe—Point-to-Point Protocol over Ethernet packet type.
NOTE: The pppoe VLAN Ethernet packet type option is supported only for
MPC/MIC interfaces.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
203Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
RelatedDocumentation
• Configuring an Interface to Use the Dynamic Profile Configured to Create Stacked VLANs
• Configuring an Interface to Use the Dynamic Profile Configured to Create Single-Tag
VLANs
• Configuring VLAN Interfaces for the Layer 2Wholesale Solution on page 82
• Configuring Subscriber Packet Types to Trigger VLAN Authentication
accept-out-of-band
Syntax accept-out-of-band protocol;
Hierarchy Level [edit interfaces interface-name auto-configure vlan-ranges dynamic-profile profile-name]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Configure the protocol for which packets are accepted as out-of-band traffic to trigger
instantiation or deletion of autosensed dynamic VLANs.
NOTE: A given physical interface can support VLANs created by eitherconventional packet-triggering or out-of-band triggering, but not both at thesame time.
Options protocol—Out-of-band protocol. The following out-of-band protocol is supported:
• ancp—ANCP Port Up and Port Downmessages trigger instantiation and deletion,
respectively, of autosensed, dynamic VLAN.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Out-of-Band ANCPMessages to Trigger Dynamic VLAN Instantiation on
page 173
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
Copyright © 2018, Juniper Networks, Inc.204
Broadband Subscriber ManagementWholesale Feature Guide
access-profile
Syntax access-profile profile-name;
Hierarchy Level [edit],[edit forwarding-options dhcp-relay][edit forwarding-options dhcp-relay dual-stack-group dual-stack-group-name],[edit forwarding-options dhcp-relay group group-name][edit forwarding-options dhcp-relay dhcpv6][edit forwarding-options dhcp-relay dhcpv6 group group-name][edit logical-systems logical-system-name routing-instances routing-instance-name][edit interfaces interface-name auto-configure vlan-ranges],[edit interfaces interface-name auto-configure stacked-vlan-ranges],[edit routing-instances routing-instances-name][edit system services dhcp-local-server][edit system services dhcp-local-server group group-name][edit system services dhcp-local-server dhcpv6][edit system services dhcp-local-server dhcpv6 group group-name][edit system services dhcp-local-server dual-stack-group dual-stack-group-name]
Release Information Statement introduced in Junos OS Release 9.1.
Statement introduced in Junos OS Release 12.3 for ACX Series routers.
Description After you have created the access profile that specifies authentication and accounting
parameters, youmust specify where the profile is used. Authentication and accounting
will not run unless you specify the profile. You can attach access profiles globally at the
[edit] hierarchy level, or you can apply them to DHCP clients or subscribers, VLANs, or
to a routing instance.
Options profile-name—Name of the access profile that you configured at the [edit access profile
name] hierarchy level.
Required PrivilegeLevel
access—To view this statement in the configuration.
access-control—To add this statement to the configuration.
RelatedDocumentation
• Attaching Access Profiles
• Attaching Access Profiles to DHCP Subscriber Interfaces or DHCP Client Interfaces
• Configuring Access Components for the DHCP Layer 3Wholesale Network Solution
on page 16
• ConfiguringAccessComponents for thePPPoEWholesaleNetworkSolutiononpage61
205Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
access-profile (Dynamic VLAN)
Syntax access-profile vlan-access-profile-name;
Hierarchy Level [edit interfaces interface-name auto-configure vlan-ranges dynamic-profile profile-name]
Release Information Statement introduced in Junos OS Release 16.2.
Description Access profiles contain subscriber access authentication, authorization and accounting
(AAA) configuration parameters. You can create an access profiles and then attach it at
various configuration levels.When youattachanaccess profile to an interface configured
for dynamic VLAN or stacked VLAN, all the VLANs and stacked VLANs use the same set
of AAA parameters configured in that access profile. The different access profiles can
have different authentication/authorization settings so you can, for example, have
authentication on some VLAN or stacked VLAN ranges but no authentication on other
ranges.
You can assign different access profiles to different dynamic profiles on the same
interface. If you assign an access profile at the global level, but a different access profile
is assigned at the interface level, the access profile at the interface level authenticates
all dynamic VLANs and stacked VLANs on the interface. Access profiles can be assigned
at various levels, but the most specific access profile takes precedence over any other
profile assignments.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an Interface to Use the Dynamic Profile Configured to Create Single-Tag
VLANs
Copyright © 2018, Juniper Networks, Inc.206
Broadband Subscriber ManagementWholesale Feature Guide
access-profile (Dynamic Stacked VLAN)
Syntax access-profile svlan-access-profile-name;
Hierarchy Level [edit interfaces interface-name auto-configure stacked-vlan-ranges dynamic-profileprofile-name]
Release Information Statement introduced in Junos OS Release 16.2.
Description Access profiles contain subscriber access authentication, authorization and accounting
(AAA) configuration parameters. You can create an access profiles and then attach it at
various configuration levels.When youattachanaccess profile to an interface configured
for dynamic VLAN or stacked VLAN, all the VLANs and stacked VLANs use the same set
of AAA parameters configured in that access profile. The different access profiles can
have different authentication/authorization settings so you can, for example, have
authentication on some VLAN and stacked VLAN ranges but no authentication on other
ranges.
You can assign different access profiles to different dynamic profiles on the same
interface. If you assign an access profile at the global level, but a different access profile
is assigned at the interface level, the access profile at the interface level authenticates
all dynamic VLANs and stacked VLANs on the interface. Access profiles can be assigned
at various levels, but the most specific access profile takes precedence over any other
profile assignments..
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an Interface to Use the Dynamic Profile Configured to Create Stacked VLANs
207Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
accounting-server
Syntax accounting-server [ ip-address ];
Hierarchy Level [edit access profile profile-name radius]
Release Information Statement introduced in Junos OS Release 9.1.
Description Specify a list of the RADIUS accounting servers used for accounting for DHCP, L2TP, and
PPP clients.
Options ip-address—IP version 4 (IPv4) address.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Authentication and Accounting Parameters for Subscriber Access
Copyright © 2018, Juniper Networks, Inc.208
Broadband Subscriber ManagementWholesale Feature Guide
active-server-group
Syntax active-server-group server-group-name;
Hierarchy Level [edit forwarding-options dhcp-relay],[edit forwarding-options dhcp-relay dhcpv6],[edit forwarding-options dhcp-relay group group-name],[edit forwarding-options dhcp-relay group group-name dhcpv6],[edit logical-systems logical-system-name forwarding-options dhcp-relay],[edit logical-systems logical-system-name forwarding-options dhcp-relay dhcpv6],[edit logical-systems logical-system-name forwarding-options group group-name],[edit logical-systems logical-system-name forwarding-options group group-name dhcpv6],[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay],
[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay dhcpv6],
[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay group group-name],
[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay group group-name dhcpv6],
[edit routing-instances routing-instance-name forwarding-options dhcp-relay][edit routing-instances routing-instance-name forwarding-options dhcp-relay dhcpv6],[edit routing-instances routing-instance-name forwarding-options dhcp-relay groupgroup-name],
[edit routing-instances routing-instance-name forwarding-optionsdhcp-relaydhcpv6groupgroup-name]
Release Information Statement introduced in Junos OS Release 8.3.
Support at the [edit ... dhcpv6] hierarchy levels introduced in Junos OS Release 11.4.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Apply a DHCP relay agent configuration to the named group of DHCP server addresses.
Use the statement at the [edit ... dhcpv6] hierarchy levels to configure DHCPv6 support.
A group-specific configuration overrides a global option.
Options server-group-name—Name of the group of DHCP or DHCPv6 server addresses to which
the DHCP or DHCPv6 relay agent configuration applies.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Extended DHCP Relay Agent Overview
• Configuring Active Server Groups to Apply a Common DHCP Relay Agent Configuration
to Named Server Groups
• Configuring Group-Specific DHCP Relay Options
• dhcp-relay on page 244
209Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
address
Syntax address address {arp ip-address (mac | multicast-mac)mac-address <publish>;broadcast address;destination address;destination-profile name;eui-64;master-only;multipoint-destination address dlci dlci-identifier;multipoint-destination address {epd-threshold cells;inverse-arp;oam-liveness {up-count cells;down-count cells;
}oam-period (disable | seconds);shaping {(cbr rate | rtvbr peak rate sustained rateburst length | vbr peak rate sustained rateburstlength);
queue-length number;}vci vpi-identifier.vci-identifier;
}primary;preferred;virtual-gateway-address(vrrp-group | vrrp-inet6-group) group-number {(accept-data | no-accept-data);advertise–interval seconds;authentication-type authentication;authentication-key key;fast-intervalmilliseconds;(preempt | no-preempt) {hold-time seconds;
}priority-number number;track {priority-cost seconds;priority-hold-time interface-name {interface priority;bandwidth-threshold bits-per-second {priority;
}}route ip-address/mask routing-instance instance-name priority-cost cost;
}virtual-address [ addresses ];
}}
Hierarchy Level [edit interfaces interface-name unit logical-unit-number family family],
Copyright © 2018, Juniper Networks, Inc.210
Broadband Subscriber ManagementWholesale Feature Guide
[edit logical-systems logical-system-name interfaces interface-name unit logical-unit-numberfamily family]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for the QFX Series.
Description Configure the interface address.
Options address—Address of the interface.
• In Junos OS Release 13.3 and later, when you configure an IPv6 host address and an
IPv6 subnet address on an interface, the commit operation fails.
• In releases earlier than Junos OS Release 13.3, when you use the same configuration
on an interface, the commit operation succeeds, but only one of the IPv6 addresses
that was entered is assigned to the interface. The other address is not applied.
NOTE: If you configure the same address onmultiple interfaces in the samerouting instance, JunosOSusesonly the first configuration, and the remainingaddress configurations are ignored and can leave interfaces without anaddress. Interfaces that do not have an assigned address cannot be used asa donor interface for an unnumbered Ethernet interface.
For example, in the following configuration the address configuration ofinterface xe-0/0/1.0 is ignored:
interfaces { xe-0/0/0 { unit 0 { family inet { address 192.168.1.1/8; } } } xe-0/0/1 { unit 0 { family inet { address 192.168.1.1/8; } }}
Formore informationonconfiguring thesameaddressonmultiple interfaces,see Configuring the Interface Address.
The remaining statements are explained separately. See CLI Explorer.
NOTE: Theedit logical-systemshierarchy isnotavailableonQFabric systems.
211Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring the Protocol Family
• Junos OS Administration Library
• family
• negotiate-address
• unnumbered-address (Ethernet) on page 418
Copyright © 2018, Juniper Networks, Inc.212
Broadband Subscriber ManagementWholesale Feature Guide
address-assignment (Address-Assignment Pools)
Syntax address-assignment {abated-utilization percentage;abated-utilization-v6 percentage;high-utilization percentage;high-utilization-v6 percentage;neighbor-discovery-router-advertisement ndra-pool-name;pool pool-name {active-drain;family family {dhcp-attributes {protocol-specific attributes;
}excluded-address ip-address;excluded-range name lowminimum-value highmaximum-value;host hostname {hardware-addressmac-address;ip-address ip-address;
}network ip-prefix/<prefix-length>;prefix ipv6-prefix;range range-name {high upper-limit;low lower-limit;prefix-length prefix-length;
}}hold-down;link pool-name;linked-pool-aggregation;
}}
Hierarchy Level [edit access]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Configure address-assignment pools that can be used by different client applications.
NOTE: Support forsubordinatestatements isplatform-specific.See individualstatement topics for support information.
Options pool-name—Name assigned to an address-assignment pool.
The remaining statements are explained separately. See CLI Explorer.
213Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Address-Assignment Pools Overview
• Configuring Address-Assignment Pools
• Configuring an Address-Assignment Pool for L2TP LNS with Inline Services
adjacency-loss-hold-time (ANCP)
Syntax adjacency-loss-hold-time seconds;
Hierarchy Level [edit protocols ancp],[edit protocols ancp neighbor ip-address]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Configure the ANCP agent to monitor, either globally or for a specified neighbor, how
long an ANCP adjacency is down and to trigger a state change for the subscriber access
line if the hold timer expires before the adjacency comes back up, as indicated by a Port
Upmessage on the access line. By default, there is no delay between detecting an
adjacency loss and triggering the state change.
Options seconds—Duration of period that the ANCP agent monitors loss of adjacency.
Default: 0 seconds
Range: 0 through 1800 seconds
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring the ANCP Agent to Dampen the Effects of Short-Term Adjacency Losses
on page 176
• Configuring ANCP Neighbors on page 169
• Configuring the ANCP Agent
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
Copyright © 2018, Juniper Networks, Inc.214
Broadband Subscriber ManagementWholesale Feature Guide
ancp
Syntax ancp {adjacency-loss-hold-time seconds;adjacency-timer seconds;gsmp-syn-timeout seconds;gsmp-syn-wait;interfaces {interface-set interface-set-name {access-identifier identifier-string;underlying-interface underlying-interface-name;
}interface-name {access-identifier identifier-string;
}}maximum-discovery-table-entries entry-number;maximum-helper-restart-time;neighbor ip-address {adjacency-loss-hold-time seconds;adjacency-timer;auto-configure-trigger interface interface-name;ietf-mode;maximum-discovery-table-entries entry-number;pre-ietf-mode;
}pre-ietf-mode;qos-adjust {adsl-bytes bytes;adsl2-bytes bytes;adsl2-plus-bytes bytes;other-bytes bytes;other-overhead-adjust percentage;sdsl-bytes bytes;sdsl-overhead-adjust percentage;vdsl-bytes bytes;vdsl-overhead-adjust percentage;vdsl2-bytes bytes;vdsl2-overhead-adjust percentage;
}qos-adjust-adsl adjustment-factor;qos-adjust-adsl2 adjustment-factor;qos-adjust-adsl2-plus adjustment-factor;qos-adjust-other adjustment-factor;qos-adjust-sdsl adjustment-factor;qos-adjust-vdsl adjustment-factor;qos-adjust-vdsl2 adjustment-factor;traceoptions {file filename <files number> <match regular-expression > <sizemaximum-file-size><world-readable | no-world-readable>;
flag flag;level (all | error | info | notice | verbose | warning);no-remote-trace;
}
215Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}
Hierarchy Level [edit protocols]
Release Information Statement introduced in Junos OS Release 9.4.
Description Configure Junos OS ANCP agent features.
The remaining statements are explained separately. See CLI Explorer.
NOTE: When youdeactivate theANCPprotocol, the router does not performa commit check to determine whether any ANCP or L2-BSA subscribers arepresent (active or inactive). Any subscribers that are active at the time ofdeactivation remain active.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring the ANCP Agent
Copyright © 2018, Juniper Networks, Inc.216
Broadband Subscriber ManagementWholesale Feature Guide
authentication
Syntax authentication {packet-types [packet-types];password password-string;username-include {circuit-id;circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-name;mac-address;option-18;option-37;option-82 <circuit-id> <remote-id>;radius-realm radius-realm-string;remote-id;user-prefix user-prefix-string;
}}
Hierarchy Level [edit interfaces interface-name auto-configure vlan-ranges],[edit interfaces interface-name auto-configure stacked-vlan-ranges]
Release Information Statement introduced in Junos OS Release 10.0.
Description Specify the authentication parameters that trigger the Access-Requestmessage to AAA
for the interface.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Subscribers over Static Interfaces
• Configuring the Static Subscriber Global Authentication Password
• Configuring a Username for Authentication of Out-of-Band Triggered Dynamic VLANs
on page 172
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
217Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
authentication (DHCP Local Server)
Syntax authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name ;logical-system-name;mac-address;option-60;option-82 <circuit-id> <remote-id>;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;
}}
Hierarchy Level [edit system services dhcp-local-server],[edit system services dhcp-local-server dual-stack-group dual-stack-group-name],[edit system services dhcp-local-server dhcpv6],[edit system services dhcp-local-server dhcpv6 group group-name],[edit system services dhcp-local-server group group-name],[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server ...],
[edit logical-systems logical-system-name system services dhcp-local-server ...],[edit routing-instances routing-instance-name system services dhcp-local-server ...]
Release Information Statement introduced in Junos OS Release 9.1.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Description Configure the parameters the router sends to the external AAA server. A group
configuration takes precedence over a global DHCP relay or DHCP local server
configuration.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Using External AAA Authentication Services with DHCP
Copyright © 2018, Juniper Networks, Inc.218
Broadband Subscriber ManagementWholesale Feature Guide
authentication (DHCP Relay Agent)
Syntax authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name;logical-system-name;mac-address;option-60;option-82 <circuit-id> <remote-id>;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;
}}
Hierarchy Level [edit forwarding-options dhcp-relay],[edit forwarding-options dhcp-relay dhcpv6],[edit forwarding-options dhcp-relay dhcpv6 group group-name],[edit forwarding-options dhcp-relay dual-stack-group dual-stack-group-name],[edit forwarding-options dhcp-relay group group-name],[edit logical-systems logical-system-name forwarding-options dhcp-relay ...],[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay ...],
[edit routing-instances routing-instance-name forwarding-options dhcp-relay ...]
Release Information Statement introduced in Junos OS Release 9.1.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Support at the [edit ... dhcpv6] hierarchy levels introduced in Junos OS Release 11.4.
Support at the [edit ... dual-stack-groupdual-stack-group-name]hierarchy level introduced
in Junos OS Release 15.1.
Description Configure the parameters the router sends to the external AAA server. A group
configuration takesprecedenceoveraglobalDHCPrelayconfiguration.Use thestatement
at the [edit...dhcpv6] hierarchy levels to configure DHCPv6 support.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• dhcp-relay on page 244
• Using External AAA Authentication Services with DHCP
219Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
authentication-order
Syntax authentication-order [ authentication-methods ];
Hierarchy Level [edit access profile profile-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
none option added in Junos OS Release 11.2.
nasreq option added in Junos OS Release 16.1.
Description Set the order in which AAA tries different authentication methods when verifying that a
client canaccess the router or switch. For each loginattempt,AAA tries theauthentication
methods in order, from first to last.
A given subscriber does not undergo both authentication and authorization as separate
steps. When both authentication-order and authorization-order are specified, DHCP
subscribers honor the configured authorization order, all other subscribers use the
configured authentication-order.
Options authentication-methods—Ordered list of methods to use for authentication attempts.The list includes one or more of the following methods in any combination:
• nasreq—Verify the client using NASREQ authentication services.
• none—No authentication is performed. Grants authentication without examining
the client credentials. Can be used, for example, when the Diameter function
Gx-Plus is employed for notification during subscriber provisioning.
• password—Verify the client using the information configured at the [edit access
profile profile-name client client-name] hierarchy level.
• radius—Verify the client using RADIUS authentication services.
NOTE: Subscriberaccessmanagementdoesnotsupport thepassword
option, and authentication fails when nomethod (none) is specified.
Default: password
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Example: Configuring CHAP Authentication with RADIUS
• Specifying the Authentication and Accounting Methods for Subscriber Access
• Configuring Access Profiles for L2TP or PPP Parameters
Copyright © 2018, Juniper Networks, Inc.220
Broadband Subscriber ManagementWholesale Feature Guide
authentication-server
Syntax authentication-server [ ip-address ];
Hierarchy Level [edit access profile profile-name radius]
Release Information Statement introduced in Junos OS Release 9.1.
Description Specify a list of the RADIUS authentication servers used to authenticate DHCP, L2TP,
andPPPclients. The servers in the list are also usedasRADIUSdynamic-request servers,
fromwhich the routeracceptsandprocessesRADIUSdisconnect requests,CoArequests,
and dynamic service activations and deactivations.
Options ip-address—IPv4 address.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring RADIUS Server Parameters for Subscriber Access
221Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
auto-configure
Syntax auto-configure {vlan-ranges {access-profile profile-name;authentication {packet-types [packet-types];password password-string;username-include{circuit-id;circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-name;mac-address;option-18;option-37;option-82 <circuit-id> <remote-id>;radius-realm radius-realm-string;remote-id;user-prefix user-prefix-string;
}}dynamic-profile profile-name {accept (any | dhcp-v4 | dhcp-v6 | inet | inet6 | pppoe);accept-out-of-band protocol;ranges (any | low-tag)–(any | high-tag);
}override;
}stacked-vlan-ranges {access-profile profile-name;authentication {packet-types [packet-types];password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-name;mac-address;option-18;option-37;option-82 <circuit-id> <remote-id>;radius-realm radius-realm-string;user-prefix user-prefix-string;
}}dynamic-profile profile-name {accept (any | dhcp-v4 | dhcp-v6 | inet | inet6 | pppoe);ranges (any | low-tag–high-tag),(any | low-tag–high-tag);
}override;
}
Copyright © 2018, Juniper Networks, Inc.222
Broadband Subscriber ManagementWholesale Feature Guide
remove-when-no-subscribers;}
Hierarchy Level [edit interfaces interface-name]
Release Information Statement introduced in Junos OS Release 9.5.
Description Enable the configuration of dynamic, auto-sensed VLANs.
The remaining statements are explained separately.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an Interface to Use the Dynamic Profile Configured to Create Stacked VLANs
• Configuring an Interface to Use the Dynamic Profile Configured to Create Single-Tag
VLANs
auto-configure-trigger interface (ANCP)
Syntax auto-configure-trigger interface interface-name;
Hierarchy Level [edit protocols ancp neighbor ip-address]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Map an ANCP neighbor to a subscriber-facing physical interface on the router, so that
ANCP Port Up and Port Downmessages trigger notifications to the auto-configuration
daemon (autoconfd) to initiate VLAN creation (Port Up) or removal (Port Down).
Options interface-name—Name of the physical interface.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring ANCP Neighbors on page 169
• Configuring the ANCP Agent
223Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
backup-on-failure (Accounting Options)
Syntax backup-on-failure (master-and-slave | master-only);
Hierarchy Level [edit accounting-options file filename]
Release Information Statement introduced in Junos OS Release 16.1.
Description Configure the router to save a copy of the accounting file locally, to the
/var/log/pfedBackupdirectoryof the relevantRoutingEngine, in theevent that file transfer
to the remote archive sites cannot be completed.
Options master-and-slave—Back up accounting files from both themaster Routing Engine and
the backup Routing Engine.
master-only—Back up accounting files from only the master Routing Engine.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Accounting-Data Log Files
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
Copyright © 2018, Juniper Networks, Inc.224
Broadband Subscriber ManagementWholesale Feature Guide
circuit-id (VLANAuthentication Username)
Syntax circuit-id;
Hierarchy Level [edit interfaces interface-nameauto-configurevlan-rangesauthenticationusername-include]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Include theagentcircuit identifier (ACI) in theusernamesent toRADIUS forauthentication
of the dynamic VLAN. The ACI is conveyed by the Access-Loop-Circuit-ID TLV in an
out-of-band ANCP Port Upmessage.
NOTE: This statement is not supported for stacked VLANs.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a Username for Authentication of Out-of-Band Triggered Dynamic VLANs
on page 172
• Configuring VLAN Interface Username Information for AAA Authentication
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
225Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
cleanup-interval (Accounting Options)
Syntax cleanup-interval days;
Hierarchy Level [edit accounting-options]
Release Information Statement introduced in Junos OS Release 16.1.
Description Configure the interval to delete files from the local backup directory.
Options days—Number of days after which accounting-options files are to be deleted from the
backup directory.
Range: 1 through 31 days
Default: 1 day
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Accounting-Data Log Files
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
Copyright © 2018, Juniper Networks, Inc.226
Broadband Subscriber ManagementWholesale Feature Guide
compress (Accounting Options)
Syntax compress;
Hierarchy Level [edit accounting-options file filename]
Release Information Statement introduced in Junos OS Release 16.1.
Description Compress the accounting file during file transfer to the backup site.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Accounting-Data Log Files
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
227Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
connectivity-type
Syntax connectivity-type (ce | irb | permanent);
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls],
[edit routing-instances routing-instance-name protocols vpls]
Release Information Statement introduced in Junos OS Release 9.1.
irb option introduced in Junos OS Release 9.3.
permanent option introduced in Junos OS Release 10.4.
Description SpecifywhenaVPLSconnection is takendowndependingonwhetherornot the interface
for theVPLS routing instance is customer-facingor integrated routing andbridging (IRB).
NOTE: The connectivity-type statement is not supported for FEC 129 VPLS
(also known as LDP VPLSwith BGP-based autodiscovery).
Default ce
Options ce—Require that for the VPLS connection to be up, the customer-facing interface for the
VPLS routing instancemust also be up. If the customer-facing interface fails, the
VPLS connection is taken down.
irb—Allow a VPLS connection to remain up so long as an IRB interface is configured for
the VPLS routing instance.
permanent—Allow a VPLS connection to remain up until specifically taken down. This
option is reserved for use in configuring Layer 2Wholesale subscriber networks. See
theBroadbandSubscriberManagement SolutionsGuide for details about configuring
a Layer 2Wholesale network.
NOTE: To specifically take down a VPLS routing instance that is using thepermanent option, all associated static logical interfacesmust also be down.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring VPLS Routing Instances
• Configuring Separate NNI Routing Instances for Layer 2Wholesale Service Retailers
on page 89
Copyright © 2018, Juniper Networks, Inc.228
Broadband Subscriber ManagementWholesale Feature Guide
core-facing
Syntax core-facing;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number family family],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-numberfamily family]
Release Information Statement introduced in Junos OS Release 11.2.
Description Specifies that the VLAN is physically connected to a core-facing ISP router and ensures
that the network does not improperly treat the interface as a client interface. When
specified, the interface is inserted into the core-facing default mesh group where traffic
from pseudowires that belong to the default mesh group is not forwarded on the
core-facing link.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringDirect ISP-Facing Interfaces for the Layer 2WholesaleSolution onpage85
229Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
demux0 (Dynamic Interface)
Syntax demux0 {unit logical-unit-number {demux-options {underlying-interface interface-name
}family family {access-concentrator name;address address;demux-source {source-prefix;
}direct-connect;duplicate-protection;dynamic-profile profile-name;filter {input filter-name;output filter-name;
}mac-validate (loose | strict):max-sessions number;max-sessions-vsa-ignore;rpf-check {fail-filter filter-name;mode loose;
}service-name-table table-nameshort-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds>;
unnumbered-address interface-name <preferred-source-address address>;}filter {input filter-name;output filter-name;
}vlan-id number;
}}
Hierarchy Level [edit dynamic-profiles profile-name interfaces]
Release Information Statement introduced in Junos OS Release 9.3.
Description Configure the logical demultiplexing (demux) interface in a dynamic profile.
Logical IP demux interfaces do not support IPv4 and IPv6 dual stack.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Copyright © 2018, Juniper Networks, Inc.230
Broadband Subscriber ManagementWholesale Feature Guide
RelatedDocumentation
• ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles
• Demultiplexing Interface Overview
demux-options (Dynamic Interface)
Syntax demux–options {underlying-interface interface-name
}
Hierarchy Level [edit dynamic-profiles profile-name interfaces demux0 interface-name unitlogical-unit-number]
Release Information Statement introduced in Junos OS Release 9.3.
Description Configure logical demultiplexing (demux) interface options in a dynamic profile.
The remaining statement is explained separately.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles
• Demultiplexing Interface Overview
231Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
demux-source (Dynamic IP Demux Interface)
Syntax demux-source {source-address;
}
Hierarchy Level [edit dynamic-profiles profile-name interfaces demux0 unit logical-unit-number familyfamily]
Release Information Statement introduced in Junos OS Release 9.3.
Description Configure a logical demultiplexing (demux) source address for a subscriber in a dynamic
profile.
Options source-address—Either the specific source address you want to assign to the subscriber
interface or the source address variable. For IPv4, specify
$junos-subscriber-ip-address; for IPv6, specify $junos-subscriber-ipv6-address. The
sourceaddress for the interface isdynamically suppliedbyDHCPwhen thesubscriber
accesses the router.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles
• Demultiplexing Interface Overview
Copyright © 2018, Juniper Networks, Inc.232
Broadband Subscriber ManagementWholesale Feature Guide
demux-source (Dynamic Underlying Interface)
Syntax demux-source family;
Hierarchy Level [edit dynamic-profiles interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 9.6.
Description Configure the logical demultiplexing (demux) source family type on the IP demux
underlying interface within a dynamic profile.
NOTE: The IP demux interface feature currently supports only Fast Ethernet,Gigabit Ethernet, 10-Gigabit Ethernet, or aggregated Ethernet underlyinginterfaces.
Options family—Protocol family:
• inet—Internet Protocol version 4 suite
• inet6—Internet Protocol version 6 suite
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
233Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
demux-source (Underlying Interface)
Syntax demux-source family;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-number],[edit logical-systems logical-system-name routing-instances routing-instance-name interfacesinterface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 9.0.
Support for aggregated Ethernet added in Junos OS Release 9.4.
Description Configure the logical demultiplexing (demux) source family type on the IP demux
underlying interface.
NOTE: The IP demux interface feature currently supports only Fast Ethernet,Gigabit Ethernet, 10-Gigabit Ethernet, or aggregated Ethernet underlyinginterfaces.
Options family—Protocol family:
• inet—Internet Protocol version 4 suite
• inet6—Internet Protocol version 6 suite
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an IP Demultiplexing Interface
• Configuring a VLAN Demultiplexing Interface
Copyright © 2018, Juniper Networks, Inc.234
Broadband Subscriber ManagementWholesale Feature Guide
dhcp-attributes (Address-Assignment Pools)
Syntax dhcp-attributes {boot-file filename;boot-server (address | hostname);dns-server [ ipv6-address ];domain-name domain-name;exclude-prefix-len exclude-prefix-length;grace-period seconds;maximum-lease-time seconds;name-server [ server-list ];netbios-node-type node-type;option {[ (id-number option-type option-value)(id-number array option-type option-value) ];
}option-match {option-82 {circuit-id value range named-range;remote-id value range named-range;
}}preferred-lifetime seconds;router [ router-address ];server-identifier ip4-address;sip-server-address [ ipv6-address ];sip-server-domain-name domain-name;t1-percentage percentage;t1-renewal-time;t2-percentage percentage;t2-rebinding-time;tftp-server address;valid-lifetime seconds;wins-server [ servers ];
}
Hierarchy Level [edit access address-assignment pool pool-name family family]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.3 for EX Series switches.
exclude-prefix-len statement introduced in Junos OS Release 17.3 for MX Series.
Description ConfigureDHCPattributes for theprotocol family ina specific addresspool. Theattributes
determine options and behaviors for the DHCP clients.
The remaining statements are explained separately.
Options exclude-prefix-len exclude-prefix-length—Specify the length of the IPv6 prefix to beexcluded from the delegated prefix.
Range: 1 through 128
235Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Address-Assignment Pools Overview
• DHCP Attributes for Address-Assignment Pools
• Configuring Address-Assignment Pools
• Configuring DHCP Client-Specific Attributes AppliedWhen Clients Obtain an Address
Copyright © 2018, Juniper Networks, Inc.236
Broadband Subscriber ManagementWholesale Feature Guide
dhcp-local-server
Syntax dhcp-local-server {access-profile profile-name;authentication {password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name ;logical-system-name;mac-address;option-60;option-82 <circuit-id> <remote-id>;routing-instance-name;user-prefix user-prefix-string;
}}dhcpv6 {access-profile profile-name;authentication {...
}duplicate-clients incoming-interface;group group-name {access-profile profile-name;authentication {...
}interface interface-name {access-profile profile-name;exclude;overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;interface-client-limit number;multi-address-embedded-option-response;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;rapid-commit;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);
237Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode (automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;delegated-pool;interface-client-limit number;multi-address-embedded-option-response;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;rapid-commit;
}route-suppression;server-duid-type type;service-profile dynamic-profile-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode (automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {
Copyright © 2018, Juniper Networks, Inc.238
Broadband Subscriber ManagementWholesale Feature Guide
max-consecutive-retries number;transmit-interval interval;
}}
}overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;delegated-pool;include-option-82 {forcerenew;nak;
}interface-client-limit number;multi-address-embedded-option-response;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;rapid-commit;
}reconfigure {attempts attempt-count;clear-on-abort;strict;support-option-pd-exclude;timeout timeout-value;token token-value;trigger {radius-disconnect;
}}reauthenticate (<lease-renewal> <remote-id-mismatch >);requested-ip-network-match subnet-mask;route-suppression;server-duid-type type;service-profile dynamic-profile-name;
}dual-stack-group name {access-profile access-profile;authentication {password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name ;logical-system-name;mac-address;relay-agent-interface-id;relay-agent-remote-id;routing-instance-name;user-prefix user-prefix-string;
}}
239Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
classification-key {circuit-id circuit-id;mac-addressmac-address;remote-id remote-id;
}dual-stack-interface-client-limit number;dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}on-demand-address-allocation;protocol-master (inet | inet6);reauthenticate (<lease-renewal> <remote-id-mismatch >);service-profile service-profile;
}duplicate-clients-in-subnet (incoming-interface | option-82);dynamic-profile profile-name <aggregate-clients (merge | replace) | use-primaryprimary-profile-name>;
forward-snooped-clients (all-interfaces | configured-interfaces |non-configured-interfaces);
group group-name {authentication {...
}dynamic-profile profile-name <aggregate-clients (merge | replace) | use-primaryprimary-profile-name>;
interface interface-name {exclude;overrides {asymmetric-lease-time seconds;client-discover-match (option60-and-option82 | incoming-interface);include-option-82 {forcerenew;nak;
}interface-client-limit number;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);
Copyright © 2018, Juniper Networks, Inc.240
Broadband Subscriber ManagementWholesale Feature Guide
method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode(automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}overrides {asymmetric-lease-time seconds;client-discover-match (option60-and-option82 | incoming-interface);include-option-82 {forcerenew;nak;
}interface-client-limit number;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;
}requested-ip-network-match subnet-maskroute-suppression;service-profile dynamic-profile-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}
241Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
session-mode (automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}on-demand-address-allocation;overrides {asymmetric-lease-time seconds;client-discover-match <option60-and-option82 | incoming-interface>;interface-client-limit number;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;
}pool-match-order {external-authority;ip-address-first;option-82;
}protocol-master;reauthenticate (<lease-renewal> <remote-id-mismatch >);reconfigure {attempts attempt-count;clear-on-abort;strict;timeout timeout-value;token token-value;trigger {radius-disconnect;
}}requested-ip-network-match subnet-mask;route-suppression;service-profile dynamic-profile-name;
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name systemservices],
[edit logical-systems logical-system-name system services],[edit routing-instances routing-instance-name system services],[edit system services]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 13.2X51 for the QFX Series.
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series.
Copyright © 2018, Juniper Networks, Inc.242
Broadband Subscriber ManagementWholesale Feature Guide
Description ConfigureDynamicHostConfigurationProtocol (DHCP) local server optionson the router
or switch to enable the router or switch to function as an extended DHCP local server.
The DHCP local server receives DHCP request and reply packets from DHCP clients and
then responds with an IP address and other optional configuration information to the
client.
The extendedDHCP local server is incompatiblewith theDHCP server on J Series routers
and, therefore, is not supported on J Series routers. Also, the DHCP local server and the
DHCP/BOOTP relay server, which are configured under the [edit forwarding-options
helpers]hierarchy level, cannot bothbeenabledon the router or switch at the same time.
TheextendedDHCP local server is fully compatiblewith theextendedDHCP relay feature.
Thedhcpv6 stanzaconfigures the router or switch to supportDynamicHostConfiguration
Protocol for IPv6 (DHCPv6). The DHCPv6 local server is fully compatible with the
extended DHCP local server and the extended DHCP relay feature.
NOTE: When you configure the dhcp-local-server statement at the routing
instancehierarchy level, youmustusea routing instance typeof virtual-router.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Extended DHCP Local Server Overview
• DHCPv6 Local Server Overview
243Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
dhcp-relay
Syntax dhcp-relay {access-profile profile-name;active-server-group server-group-name;authentication {password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name;logical-system-name;mac-address;option-60;option-82 <circuit-id> <remote-id>;routing-instance-name;user-prefix user-prefix-string;
}}bulk-leasequery {attempts number-of-attempts;timeout seconds;trigger automatic;
}dhcpv6 {access-profile profile-name;active-server-group server-group-name;}authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name interface-name;logical-system-name;mac-addressmac-address;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;
}}bulk-leasequery {attempts number-of-attempts;timeout seconds;trigger automatic;
}duplicate-clients incoming-interface;
Copyright © 2018, Juniper Networks, Inc.244
Broadband Subscriber ManagementWholesale Feature Guide
dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}forward-only {logical-system <current | default | logical-system-name>;routing-instance <current | default | routing-instance-name>;
}forward-only-replies;}forward-snooped-clients (all-interfaces | configured-interfaces |non-configured-interfaces);
group group-name {access-profile profile-name;active-server-group server-group-name;authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name interface-name;logical-system-name;mac-addressmac-address;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;
}}dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}forward-only {logical-system <current | default | logical-system-name>;routing-instance <current | default | routing-instance-name>;
}interface interface-name {access-profile profile-name;dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}exclude;overrides {allow-snooped-clients;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-negotiation-match incoming-interface;delay-authentication;delete-binding-on-renegotiation;dual-stack dual-stack-group-name;
245Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
interface-client-limit number;no-allow-snooped-clients;no-bind-on-request;relay-source interface-name;send-release-on-delete;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}}lease-time-validation {lease-time-threshold seconds;violation-action action;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode(automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}overrides {allow-snooped-clients;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-negotiation-match incoming-interface;delay-authentication;delete-binding-on-renegotiation;dual-stack dual-stack-group-name;interface-client-limit number;no-allow-snooped-clients;no-bind-on-request;relay-source interface-name;send-release-on-delete;
}relay-agent-interface-id {include-irb-and-l2;
Copyright © 2018, Juniper Networks, Inc.246
Broadband Subscriber ManagementWholesale Feature Guide
keep-incoming-interface-id ;no-vlan-interface-name;prefix prefix;use-interface-description (logical | device);use-option-82;
}relay-agent-remote-id {include-irb-and-l2;keep-incoming-interface-id ;no-vlan-interface-name;prefix prefix;use-interface-description (logical | device);use-option-82 <strict>;
}relay-option {option-number option-number;default-action {drop;forward-only;relay-server-group relay-server-group;
}equals (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;relay-server-group relay-server-group;
}starts-with (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;relay-server-group relay-server-group;
}}remote-id-mismatch disconnect;route-suppression;service-profile dynamic-profile-name;
}leasequery {attempts number-of-attempts;timeout seconds;
}lease-time-validation {lease-time-threshold seconds;violation-action action;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
247Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}detection-time {thresholdmilliseconds;
}session-mode(automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}route-suppression;service-profile dynamic-profile-name;
}}no-snoop;overrides {allow-snooped-clients;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-negotiation-match incoming-interface;delay-authentication;delete-binding-on-renegotiation;dual-stack dual-stack-group-name;interface-client-limit number;no-allow-snooped-clients;no-bind-on-request;relay-source interface-name;send-release-on-delete;
}relay-agent-interface-id {include-irb-and-l2;keep-incoming-interface-id ;no-vlan-interface-name;prefix prefix;use-interface-description (logical | device);use-option-82;
}relay-agent-remote-id {include-irb-and-l2;keep-incoming-interface-id ;no-vlan-interface-name;prefix prefix;use-interface-description (logical | device);use-option-82 <strict>;
}relay-option {option-number option-number;default-action {drop;forward-only;relay-server-group relay-server-group;
}equals (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;
Copyright © 2018, Juniper Networks, Inc.248
Broadband Subscriber ManagementWholesale Feature Guide
relay-server-group relay-server-group;}starts-with (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;relay-server-group relay-server-group;
}}relay-option-vendor-specific{host-name;location;
remote-id-mismatch disconnect;route-suppression;server-group {server-group-name {server-ip-address;
}}server-response-time seconds;service-profile dynamic-profile-name;
}dual-stack-group dual-stack-group-name {access-profile profile-name;authentication {password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name;logical-system-name;mac-address;relay-agent-interface-id;relay-agent-remote-id;routing-instance-name;user-prefix user-prefix-string;
}}classification-key {circuit-id circuit-id;mac-addressmac-address;remote-id remote-id;
}dual-stack-interface-client-limit number;dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}
249Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}}protocol-master;relay-agent-interface-id {include-irb-and-l2;keep-incoming-interface-id ;no-vlan-interface-name;prefix prefix;use-interface-description (logical | device);use-option-82;
}relay-agent-remote-id {include-irb-and-l2;keep-incoming-interface-id ;no-vlan-interface-name;prefix prefix;use-interface-description (logical | device);use-option-82 <strict>;
}service-profile dynamic-profile-name;
}duplicate-clients-in-subnet (incoming-interface | option-82):dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}forward-only {logical-system <current | default | logical-system-name>;routing-instance <current | default | routing-instance-name>;
}forward-only-replies;forward-snooped-clients (all-interfaces | configured-interfaces |non-configured-interfaces);
group group-name {access-profile profile-name;active-server-group server-group-name;authentication {password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name interface-name;logical-system-name;mac-address;option-60;option-82 [circuit-id] [remote-id];routing-instance-name;user-prefix user-prefix-string;
}}dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}
Copyright © 2018, Juniper Networks, Inc.250
Broadband Subscriber ManagementWholesale Feature Guide
forward-only {logical-system <current | default | logical-system-name>;routing-instance <current | default | routing-instance-name>;
}forward-only {logical-system <current | default | logical-system-name>;routing-instance <current | default | routing-instance-name>;
}interface interface-name {access-profile profile-name;exclude;liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode (automatic | multihop | singlehop);holddown-intervalmilliseconds;
}}
}overrides {allow-no-end-option;allow-snooped-clients;always-write-giaddr;always-write-option-82;asymmetric-lease-time seconds;client-discover-match <option60-and-option82 | incoming-interface>;delay-authentication;delete-binding-on-renegotiation;disable-relay;dual-stack dual-stack-group-name;interface-client-limit number;layer2-unicast-replies;no-allow-snooped-clients;no-bind-on-request;proxy-mode;relay-sourcereplace-ip-source-with;send-release-on-delete;trust-option-82;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
251Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}overrides {allow-no-end-optionallow-snooped-clients;always-write-giaddr;always-write-option-82;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match (option60-and-option82 | incoming-interface);delay-authentication;delete-binding-on-renegotiation;disable-relay;dual-stack dual-stack-group-name;interface-client-limit number;layer2-unicast-replies;no-allow-snooped-clients;no-bind-on-request;proxy-mode;relay-sourcereplace-ip-source-with;send-release-on-delete;trust-option-82;
}relay-option {option-number option-number;default-action {drop;forward-only;relay-server-group group-name;
}equals (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;relay-server-group relay-server-group;
}starts-with (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;local-server-group local-server-group;relay-server-group relay-server-group;
}}relay-option-82 {circuit-id {prefix prefix;use-interface-description (logical | device);
}remote-id {prefix prefix;use-interface-description (logical | device);
}server-id-override
}remote-id-mismatch disconnect;route-suppression:service-profile dynamic-profile-name;
Copyright © 2018, Juniper Networks, Inc.252
Broadband Subscriber ManagementWholesale Feature Guide
}leasequery {attempts number-of-attempts;timeout seconds;
}lease-time-validation {lease-time-threshold seconds;violation-action action;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode (automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}no-snoop;overrides {allow-no-end-optionallow-snooped-clients;always-write-giaddr;always-write-option-82;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match (option60-and-option82 | incoming-interface);delay-authentication;delete-binding-on-renegotiation;disable-relay;dual-stack dual-stack-group-name;interface-client-limit number;layer2-unicast-replies;no-allow-snooped-clients;no-bind-on-request;proxy-mode;relay-sourcereplace-ip-source-with;send-release-on-delete;trust-option-82;
253Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}relay-option {option-number option-number;default-action {drop;forward-only;relay-server-group group-name;
}equals (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;relay-server-group relay-server-group;
}starts-with (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;local-server-group local-server-group;relay-server-group relay-server-group;
}}relay-option-82 {circuit-id {prefix prefix;use-interface-description (logical | device);
}remote-id {prefix prefix;use-interface-description (logical | device);
}server-id-override
}}remote-id-mismatch disconnect;route-suppression:server-group {server-group-name {server-ip-address;
}}server-response-time seconds;
service-profile dynamic-profile-name;
Hierarchy Level [edit forwarding-options],[edit logical-systems logical-system-name forwarding-options],[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options],
[edit routing-instances routing-instance-name forwarding-options]
Release Information Statement introduced in Junos OS Release 8.3.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Statement introduced in Junos OS Release 13.2X51 for the QFX Series.
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series.
Copyright © 2018, Juniper Networks, Inc.254
Broadband Subscriber ManagementWholesale Feature Guide
Description Configure extended Dynamic Host Configuration Protocol (DHCP) relay and DHCPv6
relay options on the router or switch to enable the router (or switch) to function as a
DHCP relayagent.ADHCP relayagent forwardsDHCP requestand replypacketsbetween
a DHCP client and a DHCP server.
DHCP relay supports theattachmentofdynamicprofilesandalso interactswith the local
AAA Service Framework to use back-end authentication servers, such as RADIUS, to
provide subscriber authentication or client authentication. You can attach dynamic
profiles and configure authentication support on a global basis or for a specific group of
interfaces.
The extended DHCP and DHCPv6 relay agent options configured with the dhcp-relay
and dhcpv6 statements are incompatible with the DHCP/BOOTP relay agent options
configured with the bootp statement. As a result, the extended DHCP or DHCPv6 relay
agentand theDHCP/BOOTPrelayagent cannotbothbeenabledon the router (or switch)
at the same time.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Extended DHCP Relay Agent Overview
• DHCPv6 Relay Agent Overview
• DHCP Relay Proxy Overview
• Using External AAA Authentication Services with DHCP
255Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
dhcpv6 (DHCP Local Server)
Syntax dhcpv6 {access-profile profile-name;authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);logical-system-name;mac-address;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;
}}duplicate-clients incoming-interface;group group-name {access-profile profile-name;authentication {...interface interface-name {access-profile profile-name;exclude;liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode(automatic | multihop | singlehop);holddown-intervalmilliseconds;
}}
}overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-negotiation-match incoming-interface;
Copyright © 2018, Juniper Networks, Inc.256
Broadband Subscriber ManagementWholesale Feature Guide
delete-binding-on-renegotiation;interface-client-limit number;multi-address-embedded-option-response;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;rapid-commit;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode(automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-negotiation-match incoming-interface;delegated-pool;delete-binding-on-renegotiation;interface-client-limit number;multi-address-embedded-option-response;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;rapid-commit;
}route-suppression;service-profile dynamic-profile-name;
}liveness-detection {
257Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode(automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-negotiation-match incoming-interface;delegated-pool;delete-binding-on-renegotiation;interface-client-limit number;multi-address-embedded-option-response;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;rapid-commit;reconfigure {attempts attempt-count;clear-on-abort;strict;timeout timeout-value;token token-value;trigger {radius-disconnect;
}}
}reauthenticate (<lease-renewal> <remote-id-mismatch >);reconfigure {attempts attempt-count;clear-on-abort;strict;support-option-pd-exclude;timeout timeout-value;token token-value;
Copyright © 2018, Juniper Networks, Inc.258
Broadband Subscriber ManagementWholesale Feature Guide
trigger {radius-disconnect;
}}requested-ip-network-match subnet-mask;route-suppression;server-duid-type type;service-profile dynamic-profile-name;
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server],
[edit logical-systems logical-system-name system services dhcp-local-server],[edit routing-instances routing-instance-name system services dhcp-local-server],[edit system services dhcp-local-server]
Release Information Statement introduced in Junos OS Release 9.6.
Statement introduced in Junos OS Release 12.3 for EX Series switches.
Description Configure DHCPv6 local server options on the router or switch to enable the router or
switch to function as a server for the DHCP protocol for IPv6. The DHCPv6 local server
sends and receives packets using the IPv6 protocol and informs IPv6 of the routing
requirements of router clients. The local server works together with the AAA service
framework to control subscriber access (or DHCP client access) and accounting.
The DHCPv6 local server is fully compatible with the extended DHCP local server and
DHCP relay agent.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• DHCPv6 Local Server Overview
259Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
domain-name (Address-Assignment Pools)
Syntax domain-name domain-name;
Hierarchy Level [edit access address-assignment pool pool-name family inet dhcp-attributes],[edit access protocol-attributes attribute-set-name]
Release Information Statement introduced in Junos OS Release 9.0.
Description Configure the name of the domain in which clients search for a DHCP server host. This
is the default domain name that is appended to hostnames that are not fully qualified.
This is equivalent to DHCP option 15.
Options domain-name—Name of the domain.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Address-Assignment Pools
Copyright © 2018, Juniper Networks, Inc.260
Broadband Subscriber ManagementWholesale Feature Guide
dynamic-profile (DHCP Local Server)
Syntax dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}
Hierarchy Level [edit system services dhcp-local-server],[edit system services dhcp-local-server dual-stack-group dual-stack-group-name],[edit system services dhcp-local-server dhcpv6],[edit system services dhcp-local-server dhcpv6 group group-name],[edit systemservicesdhcp-local-serverdhcpv6groupgroup-name interface interface-name],[edit system services dhcp-local-server group group-name],[edit system services dhcp-local-server group group-name interface interface-name],[edit logical-systems logical-system-name system services dhcp-local-server ...],[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server ...],
[edit routing-instances routing-instance-name system services dhcp-local-server ...]
Release Information Statement introduced in Junos OS Release 9.2.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Options aggregate-clients and use-primary introduced in Junos OS Release 9.3.
Support at the [edit ... interface] hierarchy levels introduced in Junos OS Release 11.2.
Description Specify thedynamicprofile that is attached toall interfaces, anamedgroupof interfaces,
or a specific interface.
Options profile-name—Name of the dynamic profile.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Attaching Dynamic Profiles to DHCP Subscriber Interfaces or DHCP Client Interfaces
• Configuring a Default Subscriber Service
261Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
dynamic-profile (DHCP Relay Agent)
Syntax dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}
Hierarchy Level [edit forwarding-options dhcp-relay],[edit forwarding-options dhcp-relay dhcpv6],[edit forwarding-options dhcp-relay dhcpv6 group group-name],[edit forwarding-options dhcp-relay dhcpv6 group group-name interface interface-name],[edit forwarding-options dhcp-relay dual-stack-group dual-stack-group-name],[edit forwarding-options dhcp-relay group group-name],[edit forwarding-options dhcp-relay group group-name interface interface-name],[edit logical-systems logical-system-name forwarding-options dhcp-relay ...],[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay ...],
[edit routing-instances routing-instance-name forwarding-options dhcp-relay ...]
Release Information Statement introduced in Junos OS Release 9.2.
Support at the [edit ... dhcpv6] hierarchy levels introduced in Junos OS Release 11.4.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Support at the [edit ... dual-stack-groupdual-stack-group-name]hierarchy level introduced
in Junos OS Release 15.1.
Description Specify the dynamic profile that is attached to all interfaces, to a named group of
interfaces, or to a specific interface.
M120 and M320 routers do not support DHCPv6.
Options profile-name—Name of the dynamic profile.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• dhcp-relay on page 244
• Attaching Dynamic Profiles to DHCP Subscriber Interfaces or DHCP Client Interfaces
• Grouping Interfaces with Common DHCP Configurations
• Configuring a Default Subscriber Service
Copyright © 2018, Juniper Networks, Inc.262
Broadband Subscriber ManagementWholesale Feature Guide
dynamic-profile (Dynamic PPPoE)
Syntax dynamic-profile profile-name;
Hierarchy Level [edit dynamic-profiles profile-name interfaces demux0 unit logical-unit-number familypppoe],
[editdynamic-profilesprofile-name interfaces interface-nameunit logical-unit-number familypppoe],
[edit interfaces interface-name unit logical-unit-number family pppoe],[edit interfaces interface-name unit logical-unit-number pppoe-underlying-options],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-numberfamily pppoe],
[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-numberpppoe-underlying-options]
Release Information Statement introduced in Junos OS Release 10.1.
Support for the [edit ... family pppoe] hierarchies introduced in Junos OS Release 11.2.
Description Attach a PPPoE dynamic profile to an underlying Ethernet interface. This underlying
interface is configured with either the encapsulation ppp-over-ether statement or the
family pppoe statement; the two statements are mutually exclusive. When the router
creates a dynamic PPPoE logical interface on the underlying interface, it uses the
information in the dynamic profile to determine the properties of the dynamic PPPoE
logical interface.
NOTE: The [edit ... family pppoe] hierarchies are supported only onMXSeries
routers with MPCs.
Starting in Junos OS Release 17.2R1, you can configure converged servicesforMS-MPCsandMS-MICs.Youcanconfigurecaptiveportal contentdelivery(CPCD)profiles forMS-MICsandMS-MPCsby including theservice interfacems-fpc/pic/port statement at the edit service-set service set name
captive-portal-content-delivery-profileprofilename interface-serviceheirarchy
level.
Options profile-name—NameofapreviouslyconfiguredPPPoEdynamicprofile, up to64characters
in length, defined at the [edit dynamic-profilesprofile-name interfacespp0]hierarchy
level.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
Configuring an Underlying Interface for Dynamic PPPoE Subscriber Interfaces•
• Configuring the PPPoE Family for an Underlying Interface
263Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• Dynamic PPPoE Subscriber Interfaces over Static Underlying Interfaces Overview
dynamic-profile (Stacked VLAN)
Syntax dynamic-profile profile-name {accept (any | dhcp-v4 |dhcp-v6| inet | inet6 | pppoe);access-profilevlan-dynamic-profile-name;ranges (any | low-tag–high-tag),(any | low-tag–high-tag);
}
Hierarchy Level [edit interfaces interface-name auto-configure stacked-vlan-ranges]
Release Information Statement introduced in Junos OS Release 9.5.
Description Configure a dynamic profile for use when configuring dynamic stacked VLANs.
Options profile-name—Nameof thedynamicprofile thatyouwant tousewhenconfiguringdynamic
stacked VLANs.
The remaining statements are explained separately.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Dynamic Profiles Overview
• Configuring a Basic Dynamic Profile
• Configuring an Interface to Use the Dynamic Profile Configured to Create Stacked VLANs
Copyright © 2018, Juniper Networks, Inc.264
Broadband Subscriber ManagementWholesale Feature Guide
dynamic-profile (VLAN)
Syntax dynamic-profile profile-name {accept (any | dhcp-v4 |dhcp-v6| inet | inet6 | pppoe);accept-out-of-band protocol;access-profilevlan-dynamic-profile-name;ranges (any | low-tag)–(any | high-tag);
}
Hierarchy Level [edit interfaces interface-name auto-configure vlan-ranges]
Release Information Statement introduced in Junos OS Release 9.5.
Description Configure a dynamic profile for use when configuring dynamic VLANs.
Options profile-name—Nameof thedynamicprofile thatyouwant tousewhenconfiguringdynamic
VLANs.
The remaining statements are explained separately.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Dynamic Profiles Overview
• Configuring a Basic Dynamic Profile
• Configuring an Interface to Use the Dynamic Profile Configured to Create Single-Tag
VLANs
265Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
dynamic-profiles
Syntax dynamic-profiles {profile-name {class-of-service {interfaces {interface-name ;}unit logical-unit-number {classifiers {type (classifier-name | default);
}output-traffic-control-profile (profile-name | $junos-cos-traffic-control-profile);report-ingress-shaping-rate bps;rewrite-rules {dscp (rewrite-name | default);dscp-ipv6 (rewrite-name | default);ieee-802.1 (rewrite-name | default) vlan-tag (outer | outer-and-inner);inet-precedence (rewrite-name | default);}
}}
}scheduler-maps {map-name {forwarding-class class-name scheduler scheduler-name;
}}schedulers {(scheduler-name) {buffer-size (seconds | percent percentage | remainder | temporalmicroseconds);drop-profile-map loss-priority (any | low | medium-low | medium-high | high)protocol (any | non-tcp | tcp) drop-profile profile-name;
excess-priority (low | high | $junos-cos-scheduler-excess-priority);excess-rate (percent percentage | percent $junos-cos-scheduler-excess-rate);overhead-accounting (shaping-mode) <bytes (byte-value>;priority priority-level;shaping-rate (rate | predefined-variable);transmit-rate (percent percentage | rate | remainder) <exact | rate-limit>;
}}traffic-control-profiles profile-name {delay-buffer-rate (percent percentage | rate | $junos-cos-delay-buffer-rate);excess-rate (percentpercentage | proportionvalue | percent$junos-cos-excess-rate);guaranteed-rate (percent percentage | rate | $junos-cos-guaranteed-rate);overhead-accounting (shaping-mode) <bytes (byte-value>;scheduler-mapmap-name;shaping-rate (rate | predefined-variable);
}}firewall {family family {fast-update-filter filter-name {interface-specific;
Copyright © 2018, Juniper Networks, Inc.266
Broadband Subscriber ManagementWholesale Feature Guide
match-order [match-order];term term-name {from {match-conditions;
}then {action;action-modifiers;
}only-at-create;
}}filter filter-name {enhanced-mode-override;fast-lookup-filter;instance-shared;interface-shared;
interface-specific;term term-name {from {match-conditions;
}then {action;action-modifiers;
}only-at-create;
filter filter-name {interface-specific;term term-name {from {match-conditions;
}then {action;action-modifiers;
}}
policer policer-name {filter-specific;if-exceeding {(bandwidth-limit bps | bandwidth-percent percentage);burst-size-limit bytes;
}logical-bandwidth-policer;logical-interface-policer;physical-interface-policer;then {policer-action;
}}hierarchical-policer uid {aggregate {if-exceeding {bandwidth-limit-limit bps;burst-size-limit bytes;
267Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}then {policer-action;
}}premium {if-exceeding {bandwidth-limit bps;burst-size-limit bytes;
}then {policer-action;
}}
}policer uid {filter-specific;if-exceeding {(bandwidth-limit bps | bandwidth-percent percentage);burst-size-limit bytes;
}logical-bandwidth-policer;logical-interface-policer;physical-interface-policer;then {policer-action;
}}three-color-policer uid {action {loss-priority high then discard;
}logical-interface-policer;single-rate {(color-aware | color-blind);committed-burst-size bytes;committed-information-rate bps;excess-burst-size bytes;
}two-rate {(color-aware | color-blind);committed-burst-size bytes;committed-information-rate bps;peak-burst-size bytes;peak-information-rate bps;}
}}
}interfaces interface-name {interface-set interface-set-name {interface interface-name {unit logical unit number {advisory-options {downstream-rate rate;upstream-rate rate;
Copyright © 2018, Juniper Networks, Inc.268
Broadband Subscriber ManagementWholesale Feature Guide
}}
}}unit logical-unit-number {actual-transit-statistics;auto-configure {agent-circuit-identifier {dynamic-profile profile-name;
}line-identity {include {accept-no-ids;circuit-id;remote-id;
}dynamic-profile profile-name;
}}encapsulation (atm-ccc-cell-relay | atm-ccc-vc-mux | atm-cisco-nlpid |atm-tcc-vc-mux | atm-mlppp-llc | atm-nlpid | atm-ppp-llc | atm-ppp-vc-mux |atm-snap | atm-tcc-snap | atm-vc-mux | ether-over-atm-llc |ether-vpls-over-atm-llc | ether-vpls-over-fr | ether-vpls-over-ppp | ethernet |frame-relay-ccc | frame-relay-ppp | frame-relay-tcc | frame-relay-ether-type |frame-relay-ether-type-tcc | multilink-frame-relay-end-to-end | multilink-ppp |ppp-over-ether |ppp-over-ether-over-atm-llc | vlan-bridge | vlan-ccc | vlan-vci-ccc| vlan-tcc | vlan-vpls);
family family {address address;filter {adf {counter;input-precedence precedence;not-mandatory;output-precedence precedence;rule rule-value;
}input filter-name (precedence precedence;shared-name filter-shared-name;
}output filter-name {precedence precedence;shared-name filter-shared-name;
}}rpf-check {fail-filter filter-name;mode loose;
}service {input {service-set service-set-name {service-filter filter-name;
}post-service-filter filter-name;
269Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}input-vlan-map {inner-tag-protocol-id tpid;inner-vlan-id number;(push | swap);tag-protocol-id tpid;vlan-id number;
}output {service-set service-set-name {service-filter filter-name;
}}output-vlan-map {inner-tag-protocol-id tpid;inner-vlan-id number;(pop | swap);tag-protocol-id tpid;vlan-id number;
}pcef pcef-profile-name {activate rule-name | activate-all;
}}unnumbered-address interface-name <preferred-source-address address>;
}filter {input filter-name (shared-name filter-shared-name;
}output filter-name {shared-name filter-shared-name;
}}host-prefix-only;ppp-options {chap;pap;
}vlan-id number;vlan-tags outer [tpid].vlan-id [inner [tpid].vlan-id];
}}interfaces {demux0 {...}
}interfaces {pp0 {...}
}policy-options {prefix-list uid {ip-addresses;dynamic-db;
}}predefined-variable-defaults predefined-variable <variable-option> default-value;
Copyright © 2018, Juniper Networks, Inc.270
Broadband Subscriber ManagementWholesale Feature Guide
protocols {igmp {interface interface-name {accounting;disable;group-limit limit;group-policy;group-threshold value;immediate-leavelog-interval seconds;no-accounting;oif-map;passive;promiscuous-mode;ssm-map ssm-map-name;ssm-map-policy ssm-map-policy-namestatic {group group {source source;
}}version version;
}}mld {interface interface-name {(accounting | no-accounting);disable;group-limit limit;group-policy;group-threshold value;immediate-leave;log-interval seconds;oif-map;passive;ssm-map ssm-map-name;ssm-map-policy ssm-map-policy-name;static {groupmulticast-group-address {exclude;group-count number;group-increment increment;source ip-address {source-count number;source-increment increment;
}}
}version version;
}}router-advertisement {interface interface-name {current-hop-limit number;default-lifetime seconds;(managed-configuration | no-managed-configuration);
271Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
max-advertisement-interval seconds;min-advertisement-interval seconds;(other-stateful-configuration | no-other-stateful-configuration);prefix prefix;reachable-timemilliseconds;retransmit-timermilliseconds;
}}
}routing-instances routing-instance-name {interface interface-name;routing-options {access {route prefix {next-hop next-hop;metric route-cost;preference route-distance;tag route-tag;
}}access-internal {route subscriber-ip-address {qualified-next-hop underlying-interface {mac-address address;
}}
}multicast {interface interface-name {no-qos-adjust;
}}
}rib routing-table-name {access {route prefix {next-hop next-hop;metric route-cost;preference route-distance;tag route-tag;
}}access-internal {route subscriber-ip-address {qualified-next-hop underlying-interface {mac-address address;
}}
}}
}routing-options {access {route prefix {next-hop next-hop;metric route-cost;
Copyright © 2018, Juniper Networks, Inc.272
Broadband Subscriber ManagementWholesale Feature Guide
preference route-distance;tag route-tag;
}}access-internal {route subscriber-ip-address {qualified-next-hop underlying-interface {mac-address address;
}}
}multicast {interface interface-name {no-qos-adjust;
}}
}services {captive-portal-content-delivery {rule name {match-direction (input | input-output | output);term name {from {applications application-name {application-protocol type;destination-port port-type;protocol ip-protocol-type;source-port port-type;
}destination-address name <except>;destination-address-range lowminimum-valuehighmaximum-value<except>;destination-prefix-list name <except>;
}then {accept;redirect url;rewrite destination-address address <destination-port port-number>;syslog;
}}
}}
}variables {variable-name {default-value default-value;equals expression;mandatory;uid;uid-reference;
}}
}}
273Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Hierarchy Level [edit]
Release Information Statement introduced in Junos OS Release 9.2.
Support at the filter, policer, hierarchical-policer, three-color-policer, and policy options
hierarchy levels introduced in Junos OS Release 11.4.
Description Create dynamic profiles for use with DHCP or PPP client access.
Options profile-name—Name of the dynamic profile; string of up to 80 alphanumeric characters.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a Basic Dynamic Profile
• Configuring Dynamic VLANs Based on Agent Circuit Identifier Information
• Dynamic Profiles Overview
Copyright © 2018, Juniper Networks, Inc.274
Broadband Subscriber ManagementWholesale Feature Guide
egress-stats (Flat-File Accounting Options)
Syntax egress-stats {all-fields;input-bytes;input-packets;output-bytes;output-packets;queue-id;red-drop-bytes;red-drop-packets;tail-drop-packets;
}
Hierarchy Level [edit accounting-options flat-file-profile profile-name fields]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify egress queue statistics to be collected for the interface.
Options all-fields—Collect all egress queue statistics available for the interface context, logicalor physical.
input-bytes—Collect the number of octets queued including traffic dropped because ofcongestion.
input-packets—Collect thenumberofpacketsqueued including trafficdroppedbecauseof congestion.
output-bytes—Collect the number of octets transmitted by the egress queue.
output-packets—Collect the number of packets transmitted by the egress queue.
queue-id—Collect the logical identifier for the egress queue; identifies the traffic class.
red-drop-bytes—Collect the number of octets dropped on the egress queue because ofrandom early detection.
red-drop-packets—Collect thenumberofpacketsdroppedontheegressqueuebecauseof random early detection.
tail-drop-packets—Collect the number of packets dropped in the egress queue becauseof tail drop.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
Configuring Flat-File Accounting for Layer 2Wholesale on page 185•
275Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
Copyright © 2018, Juniper Networks, Inc.276
Broadband Subscriber ManagementWholesale Feature Guide
encapsulation (Dynamic Interfaces)
Syntax encapsulation (atm-ccc-cell-relay | atm-ccc-vc-mux | atm-cisco-nlpid | atm-tcc-vc-mux |atm-mlppp-llc | atm-nlpid | atm-ppp-llc | atm-ppp-vc-mux | atm-snap | atm-tcc-snap |atm-vc-mux | ether-over-atm-llc | ether-vpls-over-atm-llc | ether-vpls-over-fr |ether-vpls-over-ppp | ethernet | frame-relay-ccc | frame-relay-ppp | frame-relay-tcc |frame-relay-ether-type | frame-relay-ether-type-tcc | multilink-frame-relay-end-to-end| multilink-ppp | ppp-over-ether | ppp-over-ether-over-atm-llc | vlan-bridge | vlan-ccc |vlan-vci-ccc | vlan-tcc | vlan-vpls);
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 10.4.
Description Dynamic interface configuration of the logical link-layer encapsulation type.
Options atm-ccc-cell-relay—Use ATM cell-relay encapsulation.
atm-ccc-vc-mux—Use ATM virtual circuit (VC) multiplex encapsulation on circuit
cross-connect (CCC) circuits. When you use this encapsulation type, you can
configure the ccc family only.
atm-cisco-nlpid—UseCiscoATMnetwork layer protocol ID (NLPID) encapsulation.When
you use this encapsulation type, you can configure the inet family only.
atm-mlppp-llc—For ATM2 IQ interfaces only, use Multilink Point-to-Point Protocol
(MLPPP) over AAL5 LLC. For this encapsulation type, your router must be equipped
with a link services or voice services PIC. MLPPP over ATM encapsulation is not
supported on ATM2 IQ OC48 interfaces.
atm-nlpid—Use ATMNLPID encapsulation. When you use this encapsulation type, you
can configure the inet family only.
atm-ppp-llc—For ATM2 IQ interfaces only, use PPP over AAL5 LLC encapsulation.
atm-ppp-vc-mux—For ATM2 IQ interfaces only, use PPP over ATM AAL5multiplex
encapsulation.
atm-snap—Use ATM subnetwork attachment point (SNAP) encapsulation.
atm-tcc-snap—Use ATM SNAP encapsulation on translational cross-connect (TCC)
circuits.
atm-tcc-vc-mux—Use ATM VCmultiplex encapsulation on TCC circuits. When you use
this encapsulation type, you can configure the tcc family only.
atm-vc-mux—Use ATM VCmultiplex encapsulation. When you use this encapsulation
type, you can configure the inet family only.
277Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
ether-over-atm-llc—For interfaces that carry IPv4 traffic, use Ethernet over ATM LLC
encapsulation.Whenyouuse thisencapsulation type, youcannotconfiguremultipoint
interfaces.
ether-vpls-over-atm-llc—For ATM2 IQ interfaces only, use the Ethernet virtual private
LAN service (VPLS) over ATM LLC encapsulation to bridge Ethernet interfaces and
ATM interfacesover aVPLS routing instance (asdescribed inRFC2684,Multiprotocol
Encapsulation over ATM Adaptation Layer 5). Packets from the ATM interfaces are
converted to standard ENET2/802.3 encapsulated Ethernet frames with the frame
check sequence (FCS) field removed.
ether-vpls-over-fr—For E1, T1, E3, T3, and SONET interfaces only, use the Ethernet virtual
private LAN service (VPLS) over Frame Relay encapsulation to support Bridged
Ethernet over Frame Relay encapsulated TDM interfaces for VPLS applications, as
perMultiprotocol Interconnect over Frame Relay(RFC 2427 [1490]).
ether-vpls-over-ppp—ForE1, T1, E3, T3andSONET interfacesonly, use theEthernet virtual
private LAN service (VPLS) over PPP encapsulation to support Bridged Ethernet
over PPP encapsulated TDM interfaces for VPLS applications.
ethernet—Use Ethernet II encapsulation (as described in RFC 894, A Standard for the
Transmission of IP Datagrams over Ethernet Networks).
ethernet-vpls—Use Ethernet VPLS encapsulation on Ethernet interfaces that have VPLS
enabled and that must accept packets carrying standard Tag Protocol ID (TPID)
values.
extended-vlan-vpls—Use extended virtual LAN (VLAN) VPLS encapsulation on Ethernet
interfaces that have VLAN 802.1Q tagging and VPLS enabled and that must accept
packets carrying TPIDs 0x8100, 0x9100, and 0x9901.
NOTE: The built-in Gigabit Ethernet PIC on anM7i router does not supportextended VLAN VPLS encapsulation.
frame-relay-ccc—Use Frame Relay encapsulation on CCC circuits. When you use this
encapsulation type, you can configure the ccc family only.
frame-relay-ppp—Use PPP over Frame Relay circuits. When you use this encapsulation
type, you can configure the ppp family only.
frame-relay-tcc—Use Frame Relay encapsulation on TCC circuits for connecting unlike
media. When you use this encapsulation type, you can configure the tcc family only.
frame-relay-ether-type—UseFrameRelayether typeencapsulation for compatibilitywith
CiscoFrameRelay.Thephysical interfacemustbeconfiguredwith flexible-frame-relay
encapsulation.
Copyright © 2018, Juniper Networks, Inc.278
Broadband Subscriber ManagementWholesale Feature Guide
frame-relay-ether-type-tcc—UseFrameRelayether typeTCCforCisco-compatibleFrame
Relay on TCC circuits to connect unlike media. The physical interface must be
configured with flexible-frame-relay encapsulation.
multilink-frame-relay-end-to-end—Use MLFR FRF.15 encapsulation. This encapsulation
is used only onmultilink, link services,and voice services interfaces and their
constituentT1orE1 interfaces, and is supportedonLSQand redundantLSQ interfaces.
multilink-ppp—Use MLPPP encapsulation. This encapsulation is used only onmultilink,
link services, and voice services interfaces and their constituent T1 or E1 interfaces.
ppp-over-ether—You use PPP over Ethernet encapsulation to configure an underlying
Ethernet interface for a dynamic PPPoE logical interface.
vlan-bridge—Use Ethernet VLAN bridge encapsulation on Ethernet interfaces that have
IEEE 802.1Q tagging, flexible ethernet services, and bridging enabled, and thatmust
accept packets carrying TPID 0x8100 or a user-defined TPID.
vlan-ccc—UseEthernet virtual LAN (VLAN) encapsulation onCCCcircuits.When youuse
this encapsulation type, you can configure the ccc family only.
vlan-vci-ccc—Use ATM-to-Ethernet interworking encapsulation on CCC circuits. When
you use this encapsulation type, you can configure the ccc family only.
vlan-tcc—Use Ethernet VLAN encapsulation on TCC circuits. When you use this
encapsulation type, you can configure the tcc family only.
vlan-vpls—Use Ethernet VLAN encapsulation on VPLS circuits.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a Retail Dynamic Profile for Use in the Layer 2Wholesale Solution on
page 79
• Configuring PPP over ATM2 Encapsulation Overview
279Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
encapsulation (Logical Interface)
Syntax encapsulation (atm-ccc-cell-relay | atm-ccc-vc-mux | atm-cisco-nlpid | atm-mlppp-llc |atm-nlpid | atm-ppp-llc | atm-ppp-vc-mux | atm-snap | atm-tcc-snap | atm-tcc-vc-mux| atm-vc-mux | ether-over-atm-llc | ether-vpls-over-atm-llc | ether-vpls-over-fr |ether-vpls-over-ppp | ethernet | ethernet-ccc | ethernet-vpls | ethernet-vpls-fr |frame-relay-ccc | frame-relay-ether-type | frame-relay-ether-type-tcc | frame-relay-ppp| frame-relay-tcc | gre-fragmentation | multilink-frame-relay-end-to-end | multilink-ppp| ppp-over-ether | ppp-over-ether-over-atm-llc | vlan-bridge | vlan-ccc | vlan-vci-ccc |vlan-tcc | vlan-vpls | vxlan);
Hierarchy Level [edit interfaces interface-name unit logical-unit-number],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-number],[edit interfaces rlsq number unit logical-unit-number][edit protocols evpn]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 12.1X48 for PTX Series Packet Transport
Routers (ethernet,vlan-ccc, and vlan-tcc options only).
Statement introduced in Junos OS Release 12.2 for the ACX Series Universal Access
Routers. Only the atm-ccc-cell-relay and atm-ccc-vc-mux options are supported on ACX
Series routers.
Statement introduced in Junos OS Release 17.3R1 for QFX10000 Series switches
(ethernet-ccc and vlan-ccc options only).
Description Configure a logical link-layer encapsulation type. Not all encapsulation types are
supported on the switches. See the switch CLI.
Options atm-ccc-cell-relay—Use ATM cell-relay encapsulation.
atm-ccc-vc-mux—Use ATM virtual circuit (VC) multiplex encapsulation on CCC circuits.
When you use this encapsulation type, you can configure the ccc family only.
atm-cisco-nlpid—UseCiscoATMnetwork layer protocol identifier (NLPID)encapsulation.
When you use this encapsulation type, you can configure the inet family only.
atm-mlppp-llc—For ATM2 IQ interfaces only, use Multilink Point-to-Point (MLPPP) over
AAL5 LLC. For this encapsulation type, your router must be equipped with a Link
Services or Voice Services PIC. MLPPP over ATM encapsulation is not supported on
ATM2 IQ OC48 interfaces.
atm-nlpid—Use ATMNLPID encapsulation. When you use this encapsulation type, you
can configure the inet family only.
atm-ppp-llc—(ATM2 IQ interfaces and MX Series routers with MPC/MIC interfaces using
the ATMMIC with SFP only) Use PPP over AAL5 LLC encapsulation.
atm-ppp-vc-mux—(ATM2 IQ interfaces and MX Series routers with MPC/MIC interfaces
using the ATMMICwith SFP only) Use PPPover ATMAAL5multiplex encapsulation.
Copyright © 2018, Juniper Networks, Inc.280
Broadband Subscriber ManagementWholesale Feature Guide
atm-snap—(All interfaces including MX Series routers with MPC/MIC interfaces using
the ATMMIC with SFP) Use ATM subnetwork attachment point (SNAP)
encapsulation.
atm-tcc-snap—Use ATM SNAP encapsulation on translational cross-connect (TCC)
circuits.
atm-tcc-vc-mux—Use ATM VCmultiplex encapsulation on TCC circuits. When you use
this encapsulation type, you can configure the tcc family only.
atm-vc-mux—(All interfaces including MX Series routers with MPC/MIC interfaces using
the ATMMIC with SFP) Use ATM VCmultiplex encapsulation. When you use this
encapsulation type, you can configure the inet family only.
ether-over-atm-llc—(All IP interfaces includingMXSeries routerswithMPC/MIC interfaces
using the ATMMIC with SFP) For interfaces that carry IP traffic, use Ethernet over
ATMLLCencapsulation.Whenyouuse this encapsulation type, youcannotconfigure
multipoint interfaces.
ether-vpls-over-atm-llc—For ATM2 IQ interfaces only, use the Ethernet virtual private
LAN service (VPLS) over ATM LLC encapsulation to bridge Ethernet interfaces and
ATM interfacesover aVPLS routing instance (asdescribed inRFC2684,Multiprotocol
Encapsulation over ATM Adaptation Layer 5). Packets from the ATM interfaces are
converted to standard ENET2/802.3 encapsulated Ethernet frames with the frame
check sequence (FCS) field removed.
ether-vpls-over-fr—For E1, T1, E3, T3, and SONET interfaces only, use the Ethernet virtual
private LAN service (VPLS) over Frame Relay encapsulation to support Bridged
Ethernet over Frame Relay encapsulated TDM interfaces for VPLS applications, per
RFC 2427,Multiprotocol Interconnect over Frame Relay.
NOTE: The SONET/SDHOC3/STM1 (Multi-Rate) MIC with SFP, theChannelized SONET/SDHOC3/STM1 (Multi-Rate) MIC with SFP, and theDS3/E3MIC do not support Ethernet over Frame Relay encapsulation.
ether-vpls-over-ppp—For E1, T1, E3, T3, and SONET interfaces only, use the Ethernet
virtualprivateLANservice (VPLS)overPoint-to-PointProtocol (PPP)encapsulation
to support Bridged Ethernet over PPP-encapsulated TDM interfaces for VPLS
applications.
ethernet—Use Ethernet II encapsulation (as described in RFC 894, A Standard for the
Transmission of IP Datagrams over Ethernet Networks).
ethernet-ccc—Use Ethernet CCC encapsulation on Ethernet interfaces.
ethernet-vpls—Use Ethernet VPLS encapsulation on Ethernet interfaces that have VPLS
enabled and that must accept packets carrying standard Tag Protocol ID (TPID)
values.
281Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
NOTE: The built-in Gigabit Ethernet PIC on anM7i router does not supportextended VLAN VPLS encapsulation.
ethernet-vpls-fr—Use in a VPLS setupwhen a CE device is connected to a PE router over
a time-division multiplexing (TDM) link. This encapsulation type enables the PE
router to terminate the outer layer 2 Frame Relay connection, use the 802.1p bits
inside the inner Ethernet header to classify the packets, look at the MAC address
from the Ethernet header, and use the MAC address to forward the packet into a
given VPLS instance.
frame-relay-ccc—Use Frame Relay encapsulation on CCC circuits. When you use this
encapsulation type, you can configure the ccc family only.
frame-relay-ether-type—UseFrameRelayether typeencapsulation for compatibilitywith
Cisco Frame Relay. The physical interface must be configured with
flexible-frame-relay encapsulation.
frame-relay-ether-type-tcc—UseFrameRelayether typeTCCforCisco-compatibleFrame
Relay on TCC circuits to connect different media. The physical interface must be
configured with flexible-frame-relay encapsulation.
frame-relay-ppp—Use PPP over Frame Relay circuits. When you use this encapsulation
type, you can configure the ppp family only.
frame-relay-tcc—UseFrameRelay encapsulation onTCCcircuits for connecting different
media. When you use this encapsulation type, you can configure the tcc family only.
gre-fragmentation—For adaptive services interfaces only, use GRE fragmentation
encapsulation to enable fragmentation of IPv4 packets in GRE tunnels. This
encapsulationclears thedonot fragment (DF)bit in thepacketheader. If thepacket’s
size exceeds the tunnel’s maximum transmission unit (MTU) value, the packet is
fragmented before encapsulation.
multilink-frame-relay-end-to-end—Use MLFR FRF.15 encapsulation. This encapsulation
is used only onmultilink, link services, and voice services interfaces and their
constituentT1orE1 interfaces, and is supportedonLSQand redundantLSQ interfaces.
multilink-ppp—Use MLPPP encapsulation. This encapsulation is used only onmultilink,
link services, and voice services interfaces and their constituent T1 or E1 interfaces.
ppp-over-ether—UsePPPoverEthernetencapsulation toconfigureanunderlyingEthernet
interface for a dynamic PPPoE logical interface on M120 and M320 routers with
Intelligent Queuing 2 (IQ2) PICs, and on MX Series routers with MPCs.
ppp-over-ether-over-atm-llc—(MXSeries routerswithMPCs using theATMMICwith SFP
only) For underlying ATM interfaces, use PPP over Ethernet over ATM LLC
encapsulation. When you use this encapsulation type, you cannot configure the
interface address. Instead, configure the interface address on the PPP interface.
Copyright © 2018, Juniper Networks, Inc.282
Broadband Subscriber ManagementWholesale Feature Guide
vlan-bridge—Use Ethernet VLAN bridge encapsulation on Ethernet interfaces that have
IEEE802.1Q tagging, flexible-ethernet-services, and bridging enabled and thatmust
accept packets carrying TPID 0x8100 or a user-defined TPID.
vlan-ccc—UseEthernet virtual LAN (VLAN) encapsulation onCCCcircuits.When youuse
this encapsulation type, you can configure the ccc family only.
vlan-vci-ccc—Use ATM-to-Ethernet interworking encapsulation on CCC circuits. When
you use this encapsulation type, you can configure the ccc family only.
vlan-tcc—Use Ethernet VLAN encapsulation on TCC circuits. When you use this
encapsulation type, you can configure the tcc family only.
vlan-vpls—Use Ethernet VLAN encapsulation on VPLS circuits.
vxlan—Use VXLAN data plane encapsulation for EVPN.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Layer 2 Switching Cross-Connects Using CCC
• Configuring the Encapsulation for Layer 2 Switching TCCs
• Configuring Interface Encapsulation on Logical Interfaces
• Configuring MPLS LSP Tunnel Cross-Connects Using CCC
• Circuit and Translational Cross-Connects Overview
• Identifying the Access Concentrator
• Configuring ATM Interface Encapsulation
• Configuring VLAN and Extended VLAN Encapsulation
• Configuring ATM-to-Ethernet Interworking
• Configuring Interface Encapsulation on PTX Series Packet Transport Routers
• Configuring CCC Encapsulation for Layer 2 VPNs
• Configuring TCC Encapsulation for Layer 2 VPNs and Layer 2 Circuits
• Configuring ATM for Subscriber Access
• Understanding CoS on ATM IMA Pseudowire Interfaces Overview
• Configuring Policing on an ATM IMA Pseudowire
283Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
encapsulation
List of Syntax Syntax for Physical Interfaces: M Series, MX Series, QFX Series, T Series, PTX
Series on page 284
Syntax for Logical Interfaces: SRX Series on page 284
Syntax for PhysicalInterfaces: M Series,
encapsulation (atm-ccc-cell-relay | atm-pvc | cisco-hdlc | cisco-hdlc-ccc | cisco-hdlc-tcc |ethernet-bridge | ethernet-ccc | ethernet-over-atm | ethernet-tcc | ethernet-vpls |ethernet-vpls-fr | ether-vpls-over-atm-llc | ethernet-vpls-ppp | extended-frame-relay-cccMXSeries, QFX Series,
T Series, PTX Series | extended-frame-relay-ether-type-tcc |extended-frame-relay-tcc |extended-vlan-bridge| extended-vlan-ccc | extended-vlan-tcc | extended-vlan-vpls | flexible-ethernet-services| flexible-frame-relay | frame-relay | frame-relay-ccc | frame-relay-ether-type |frame-relay-ether-type-tcc | frame-relay-port-ccc | frame-relay-tcc | generic-services |multilink-frame-relay-uni-nni | ppp |ppp-ccc |ppp-tcc | vlan-ccc | vlan-vci-ccc | vlan-vpls);
Syntax for LogicalInterfaces: SRX Series
encapsulation (ether-vpls-ppp |ethernet-bridge | ethernet-ccc | ethernet-tcc | ethernet-vpls| extended-frame-relay-ccc | extended-frame-relay-tcc | extended-vlan-bridge |extended-vlan-ccc | extended-vlan-tcc | extended-vlan-vpls | frame-relay-port-ccc |vlan-ccc | vlan-vpls);
Physical Interfaces: MSeries, MX Series, QFX
[edit interfaces interface-name],[edit interfaces rlsq number:number]
Series, T Series, PTXSeries
Logical Interfaces:SRXSeries
[edit interfaces interface-name unit logical-unit-number ]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.5.
Statement introduced in Junos OS Release 11.1 for EX Series switches.
Statement introduced in Junos OS Release 12.1X48 for PTX Series Packet Transport
Routers (flexible-ethernet-services, ethernet-ccc, and ethernet-tcc options only).
Description For M Series, MX Series, QFX Series, T Series, PTX Series, specify the physical link-layer
encapsulation type.
For SRX Series, specify logical link layer encapsulation.
NOTE: Not all encapsulation types are supported on the switches. See theswitch CLI.
Default ppp—Use serial PPP encapsulation.
Copyright © 2018, Juniper Networks, Inc.284
Broadband Subscriber ManagementWholesale Feature Guide
Physical InterfaceOptions and LogicalInterface Options
[Warning: element unresolved in stylesheets: <title> (in <config-options>). This is
probably a new element that is not yet supported in the stylesheets.]
Physical Interface Options and Logical Interface Options
For physical interfaces:
NOTE: Frame Relay, ATM, PPP, SONET, and SATSOP options are notsupported on EX Series switches.
• atm-ccc-cell-relay—Use ATM cell-relay encapsulation.
• atm-pvc—Defined in RFC 2684,Multiprotocol Encapsulation over ATM Adaptation
Layer 5. When you configure physical ATM interfaces with ATM PVC encapsulation, an
RFC 2684-compliant ATM Adaptation Layer 5 (AAL5) tunnel is set up to route the
ATMcellsoveraMultiprotocol LabelSwitching (MPLS)path that is typically established
between twoMPLS-capable routers using the Label Distribution Protocol (LDP).
• cisco-hdlc—Use Cisco-compatible High-Level Data Link Control (HDLC) framing. E1,
E3, SONET/SDH, T1, and T3 interfaces can use CiscoHDLC encapsulation. Two related
versions are supported:
• CCCversion (cisco-hdlc-ccc)—The logical interfacedoesnot requireanencapsulation
statement. When you use this encapsulation type, you can configure the ccc family
only.
• TCC version (cisco-hdlc-tcc)—Similar to CCC and has the same configuration
restrictions, but used for circuitswithdifferentmediaoneither sideof the connection.
• cisco-hdlc-ccc—Use Cisco-compatible HDLC framing on CCC circuits.
• cisco-hdlc-tcc—Use Cisco-compatible HDLC framing on TCC circuits for connecting
different media.
• ethernet-bridge—Use Ethernet bridge encapsulation on Ethernet interfaces that have
bridging enabled and that must accept all packets.
• ethernet-over-atm—For interfaces that carry IPv4 traffic, use Ethernet over ATM
encapsulation.When you use this encapsulation type, you cannot configuremultipoint
interfaces. As defined in RFC 2684,Multiprotocol Encapsulation over ATM Adaptation
Layer 5, this encapsulation type allows ATM interfaces to connect to devices that
supportonlybridgeprotocoldataunits (BPDUs). JunosOSdoesnotcompletely support
bridging, but accepts BPDU packets as a default gateway. If you use the router as an
edge device, then the router acts as a default gateway. It accepts Ethernet LLC/SNAP
frames with IP or ARP in the payload, and drops the rest. For packets destined to the
Ethernet LAN, a route lookup is done using the destination IP address. If the route
lookup yields a full addressmatch, the packet is encapsulated with an LLC/SNAP and
MAC header, and the packet is forwarded to the ATM interface.
• ethernet-tcc—For interfaces that carry IPv4 traffic, use Ethernet TCC encapsulation
on interfaces that must accept packets carrying standard TPID values. For 8-port,
12-port, and 48-port Fast Ethernet PICs, TCC is not supported.
285Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• ethernet-vpls—Use Ethernet VPLS encapsulation on Ethernet interfaces that have
VPLS enabled and that must accept packets carrying standard TPID values. On M
Series routers, except theM320 router, the 4-port Fast Ethernet TX PIC and the 1-port,
2-port, and 4-port, 4-slot Gigabit Ethernet PICs can use the Ethernet VPLS
encapsulation type.
• ethernet-vpls-fr—Use in a VPLS setup when a CE device is connected to a PE device
over a time division multiplexing (TDM) link. This encapsulation type enables the PE
device to terminate the outer Layer 2 Frame Relay connection, use the 802.1p bits
inside the inner Ethernet header to classify the packets, look at the MAC address from
the Ethernet header, and use theMACaddress to forward the packet into a givenVPLS
instance.
• ethernet-vpls-ppp—Use in a VPLS setupwhen a CE device is connected to a PE device
over a time division multiplexing (TDM) link. This encapsulation type enables the PE
device to terminate the outer Layer 2 PPP connection, use the 802.1p bits inside the
innerEthernetheader toclassify thepackets, lookat theMACaddress fromtheEthernet
header, and use it to forward the packet into a given VPLS instance.
• ether-vpls-over-atm-llc—For ATM intelligent queuing (IQ) interfaces only, use the
Ethernet virtual private LAN service (VPLS) over ATM LLC encapsulation to bridge
Ethernet interfaces and ATM interfaces over a VPLS routing instance (as described in
RFC 2684,Multiprotocol Encapsulation over ATM Adaptation Layer 5). Packets from
the ATM interfaces are converted to standard ENET2/802.3 encapsulated Ethernet
frames with the frame check sequence (FCS) field removed.
• extended-frame-relay-ccc—Use Frame Relay encapsulation on CCC circuits. This
encapsulation type allows you to dedicate DLCIs 1 through 1022 to CCC.When you use
this encapsulation type, you can configure the ccc family only.
• extended-frame-relay-ether-type-tcc—Use extended Frame Relay ether type TCC for
Cisco-compatible Frame Relay for DLCIs 1 through 1022. This encapsulation type is
used for circuits with different media on either side of the connection.
• extended-frame-relay-tcc—Use Frame Relay encapsulation on TCC circuits to connect
different media. This encapsulation type allows you to dedicate DLCIs 1 through 1022
to TCC.
• extended-vlan-bridge—UseextendedVLANbridgeencapsulationonEthernet interfaces
thathave IEEE802.1QVLANtaggingandbridgingenabledandthatmustacceptpackets
carrying TPID 0x8100 or a user-defined TPID.
• extended-vlan-ccc—Use extended VLAN encapsulation on CCC circuits with Gigabit
Ethernet and4-port Fast Ethernet interfaces thatmustacceptpackets carrying802.1Q
values. Extended VLAN CCC encapsulation supports TPIDs 0x8100, 0x9100, and
0x9901. When you use this encapsulation type, you can configure the ccc family only.
For 8-port, 12-port, and 48-port Fast Ethernet PICs, extended VLAN CCC is not
supported. For 4-port Gigabit Ethernet PICs, extended VLAN CCC is not supported.
• extended-vlan-tcc—For interfaces that carry IPv4 traffic, use extended VLAN
encapsulation on TCC circuits with Gigabit Ethernet interfaces on which you want to
use 802.1Q tagging. For 4-port Gigabit Ethernet PICs, extended VLAN TCC is not
supported.
Copyright © 2018, Juniper Networks, Inc.286
Broadband Subscriber ManagementWholesale Feature Guide
• extended-vlan-vpls—Use extended VLAN VPLS encapsulation on Ethernet interfaces
that have VLAN 802.1Q tagging and VPLS enabled and that must accept packets
carrying TPIDs 0x8100, 0x9100, and 0x9901. On M Series routers, except the M320
router, the4-port Fast EthernetTXPICand the 1-port, 2-port, and4-port, 4-slotGigabit
Ethernet PICs can use the Ethernet VPLS encapsulation type.
NOTE: The built-in Gigabit Ethernet PIC on anM7i router does not supportextended VLAN VPLS encapsulation.
• flexible-ethernet-services—ForGigabit Ethernet IQ interfacesandGigabit EthernetPICs
with small form-factor pluggable transceivers (SFPs) (except the 10-port Gigabit
Ethernet PIC and the built-in Gigabit Ethernet port on the M7i router), and for Gigabit
Ethernet interfaces, use flexible Ethernet services encapsulation when you want to
configuremultipleper-unit Ethernet encapsulations. AggregatedEthernetbundles can
use this encapsulation type. This encapsulation type allows you to configure any
combination of route, TCC, CCC, Layer 2 virtual private networks (VPNs), and VPLS
encapsulations on a single physical port. If you configure flexible Ethernet services
encapsulation on the physical interface, VLAN IDs from 1 through 511 are no longer
reserved for normal VLANs.
• flexible-frame-relay—For IQ interfaces only, use flexible Frame Relay encapsulation
when you want to configure multiple per-unit Frame Relay encapsulations. This
encapsulation typeallowsyou toconfigureanycombinationofTCC,CCC,andstandard
Frame Relay encapsulations on a single physical port. Also, each logical interface can
have any DLCI value from 1 through 1022.
• frame-relay—Use Frame Relay encapsulation is defined in RFC 1490,Multiprotocol
Interconnect over Frame Relay. E1, E3, link services, SONET/SDH, T1, T3, and voice
services interfaces can use Frame Relay encapsulation.
• frame-relay-ccc—Use Frame Relay encapsulation on CCC circuits. This encapsulation
is same as standard Frame Relay for DLCIs 0 through 511. DLCIs 512 through 1022 are
dedicated to CCC. The logical interfacemust also have frame-relay-ccc encapsulation.
When you use this encapsulation type, you can configure the ccc family only.
• frame-relay-ether-type—Use Frame Relay ether type encapsulation for compatibility
with the Cisco Frame Relay. IETF frame relay encapsulation identifies the payload
format using NLPID and SNAP formats. Cisco-compatible Frame Relay encapsulation
uses the Ethernet type to identify the type of payload.
NOTE: When the encapsulation type is set to Cisco-compatible FrameRelay encapsulation, ensure that the LMI type is set to ANSI or Q933-A.
• frame-relay-ether-type-tcc—Use Frame Relay ether type TCC for Cisco-compatible
Frame Relay on TCC circuits to connect different media. This encapsulation is
Cisco-compatible Frame Relay for DLCIs 0 through 511. DLCIs 512 through 1022 are
dedicated to TCC.
287Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• frame-relay-port-ccc—Use FrameRelay port CCC encapsulation to transparently carry
all the DLCIs between two customer edge (CE) routers without explicitly configuring
each DLCI on the two provider edge (PE) routers with Frame Relay transport. The
connection between the two CE routers can be either user-to-network interface (UNI)
ornetwork-to-network interface(NNI); this is completely transparent to thePE routers.
When you use this encapsulation type, you can configure the ccc family only.
• frame-relay-tcc—This encapsulation is similar to Frame Relay CCC and has the same
configuration restrictions, but used for circuits with different media on either side of
the connection.
• generic-services—Use generic services encapsulation for services with a hierarchical
scheduler.
• multilink-frame-relay-uni-nni—Use MLFR UNI NNI encapsulation. This encapsulation
is used on link services, voice services interfaces functioning as FRF.16 bundles, and
their constituent T1 or E1 interfaces, and is supported on LSQ and redundant LSQ
interfaces.
•
• ppp—Use serial PPP encapsulation. This encapsulation is defined in RFC 1661, The
Point-to-Point Protocol (PPP) for the Transmission of Multiprotocol Datagrams over
Point-to-Point Links. PPP is the default encapsulation type for physical interfaces. E1,
E3, SONET/SDH, T1, and T3 interfaces can use PPP encapsulation.
• ppp-ccc—Use serial PPP encapsulation on CCC circuits. When you use this
encapsulation type, you can configure the ccc family only.
• ppp-tcc—Use serial PPP encapsulation on TCC circuits for connecting differentmedia.
When you use this encapsulation type, you can configure the tcc family only.
• vlan-ccc—UseEthernetVLANencapsulationonCCCcircuits. VLANCCCencapsulation
supports TPID 0x8100 only. When you use this encapsulation type, you can configure
the ccc family only.
Copyright © 2018, Juniper Networks, Inc.288
Broadband Subscriber ManagementWholesale Feature Guide
• vlan-vci-ccc—UseATM-to-Ethernet interworking encapsulation on CCC circuits.When
you use this encapsulation type, you can configure the ccc family only. All logical
interfaces configured on the Ethernet interfacemust also have the encapsulation type
set to vlan-vci-ccc.
• vlan-vpls—Use VLAN VPLS encapsulation on Ethernet interfaces with VLAN tagging
and VPLS enabled. Interfaceswith VLANVPLS encapsulation accept packets carrying
standard TPID values only. On M Series routers, except the M320 router, the 4-port
Fast Ethernet TX PIC and the 1-port, 2-port, and 4-port, 4-slot Gigabit Ethernet PICs
can use the Ethernet VPLS encapsulation type.
NOTE:
• Label-switched interfaces (LSIs) do not support VLAN VPLSencapsulation. Therefore, you can only use VLAN VPLS encapsulationon a PE-router-to-CE-router interface and not a core-facing interface.
• Starting with Junos OS release 13.3, a commit error occurs when youconfigure vlan-vpls encapsulation on a physical interface and configure
family inetononeof the logicalunits.Previously, itwaspossible tocommit
this invalid configuration.
For logical interfaces:
• frame-relay—Configure a Frame Relay encapsulation when the physical interface has
multiple logical units, and the units are either point to point or multipoint.
• multilink-frame-relay-uni-nni—Link services interfaces functioning as FRF.16 bundles
can use Multilink Frame Relay UNI NNI encapsulation.
• ppp—For normal mode (when the device is using only one ISDN B-channel per call).
Point-to-Point Protocol is for communication between two computers using a serial
interface.
• ppp-over-ether—This encapsulation is used for underlying interfaces of pp0 interfaces.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
289Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
RelatedDocumentation
• Understanding Physical Encapsulation on an Interface
• Configuring Interface Encapsulation on Physical Interfaces
• Configuring CCC Encapsulation for Layer 2 VPNs
• Configuring Layer 2 Switching Cross-Connects Using CCC
• Configuring TCC Encapsulation for Layer 2 VPNs and Layer 2 Circuits
• Configuring ATM Interface Encapsulation
• Configuring ATM-to-Ethernet Interworking
• Configuring VLAN and Extended VLAN Encapsulation
• Configuring VLAN and Extended VLAN Encapsulation
• Configuring Encapsulation for Layer 2Wholesale VLAN Interfaces on page 83
• Configuring Interfaces for Layer 2 Circuits
• Configuring Interface Encapsulation on PTX Series Packet Transport Routers
• Configuring MPLS LSP Tunnel Cross-Connects Using CCC
• Configuring TCC
• Configuring VPLS Interface Encapsulation
• Configuring Interfaces for VPLS Routing
• Defining the Encapsulation for Switching Cross-Connects
• Configuring an MPLS-Based Layer 2 VPN (CLI Procedure)
Copyright © 2018, Juniper Networks, Inc.290
Broadband Subscriber ManagementWholesale Feature Guide
exclude (RADIUS Attributes)
Syntax exclude {acc-aggr-cir-id-asc [ access-request | accounting-start | accounting-stop ];acc-aggr-cir-id-bin [ access-request | accounting-start | accounting-stop ];acc-loop-cir-id [ access-request | accounting-start | accounting-stop ];acc-loop-encap [ access-request | accounting-start | accounting-stop ];acc-loop-remote-id [ access-request | accounting-start | accounting-stop ];accounting-authentic [accounting-off |accounting-on |accounting-start |accounting-stop]
accounting-delay-time [ accounting-off | accounting-on | accounting-start |accounting-stop ];
accounting-session-id access-request;accounting-terminate-cause accounting-off;acct-request-reason [ accounting-start | accounting-stop ];acct-tunnel-connection [ access-request | accounting-start | accounting-stop ];act-data-rate-dn [ access-request | accounting-start | accounting-stop ];act-data-rate-up [ access-request | accounting-start | accounting-stop ];act-interlv-delay-dn [ access-request | accounting-start | accounting-stop ];act-interlv-delay-up [ access-request | accounting-start | accounting-stop ];att-data-rate-dn [ access-request | accounting-start | accounting-stop ];att-data-rate-up [ access-request | accounting-start | accounting-stop ];called-station-id [ access-request | accounting-start | accounting-stop ];calling-station-id [ access-request | accounting-start | accounting-stop ];chargeable-user-identity access-request;class [ accounting-start | accounting-stop ];cos-shaping-rate [ accounting-start | accounting-stop ];delegated-ipv6-prefix [ accounting-start | accounting-stop ];dhcp-gi-address [ access-request | accounting-start | accounting-stop ];dhcp-header access-request;dhcp-mac-address [ access-request | accounting-start | accounting-stop ];dhcp-options [ access-request | accounting-start | accounting-stop ];dhcpv6-header access-request;dhcpv6-options [ access-request | accounting-start | accounting-stop ];downstream-calculated-qos-rate [ access-request | accounting-start | accounting-stop];
dsl-forum-attributes [ access-request | accounting-start | accounting-stop ];dsl-line-state [ access-request | accounting-start | accounting-stop ];dsl-type [ access-request | accounting-start | accounting-stop ];dynamic-iflset-name [ accounting-start | accounting-stop ];event-timestamp [ accounting-off | accounting-on | accounting-start | accounting-stop];
filter-id [ accounting-start | accounting-stop ];first-relay-ipv4-address [ access-request | accounting-start | accounting-stop ];first-relay-ipv6-address [ access-request | accounting-start | accounting-stop ];framed-interface-id [ access-request | accounting-start | accounting-stop ];framed-ip-address [ access-request | accounting-start | accounting-stop ];framed-ip-netmask [ access-request | accounting-start | accounting-stop ];framed-ip-route [ accounting-start | accounting-stop ];framed-ipv6-address [ access-request | accounting-start | accounting-stop ];framed-ipv6-pool [ accounting-start | accounting-stop ];framed-ipv6-prefix [ accounting-start | accounting-stop ];framed-ipv6-route [ accounting-start | accounting-stop ];framed-pool [accounting-start |accounting-stop]; input-ipv6-gigawordsaccounting-stop;
291Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
input-filter [ accounting-start | accounting-stop ];input-gigapackets accounting-stop;input-gigawords accounting-stop;input-ipv6-octets accounting-stop;input-ipv6-packets accounting-stop;interface-description [ access-request | accounting-start | accounting-stop ];l2c-downstream-data [ access-request | accounting-start | accounting-stop ];l2c-upstream-data [ access-request | accounting-start | accounting-stop ];l2tp-rx-connect-speed [ access-request | accounting-start | accounting-stop ];l2tp-tx-connect-speed [ access-request | accounting-start | accounting-stop ];max-data-rate-dn [ access-request | accounting-start | accounting-stop ];max-data-rate-up [ access-request | accounting-start | accounting-stop ];max-interlv-delay-dn [ access-request | accounting-start | accounting-stop ];max-interlv-delay-up [ access-request | accounting-start | accounting-stop ];min-data-rate-dn [ access-request | accounting-start | accounting-stop ];min-data-rate-up [ access-request | accounting-start | accounting-stop ];min-lp-data-rate-dn [ access-request | accounting-start | accounting-stop ];min-lp-data-rate-up [ access-request | accounting-start | accounting-stop ];nas-identifier [ access-request | accounting-off | accounting-on | accounting-start |accounting-stop ];
nas-port [ access-request | accounting-start | accounting-stop ];nas-port-id [ access-request | accounting-start | accounting-stop ];nas-port-type [ access-request | accounting-start | accounting-stop ];output-filter [ accounting-start | accounting-stop ];output-gigapackets accounting-stop;output-gigawords accounting-stop;output-ipv6-gigawords accounting-stop;output-ipv6-octets accounting-stop;output-ipv6-packets accounting-stop;pppoe-description [ access-request | accounting-start | accounting-stop ];standard-attribute number {packet-type [ access-request | accounting-off | accounting-on | accounting-start |accounting-stop ];
}tunnel-assignment-id [ access-request | accounting-start | accounting-stop ];tunnel-client-auth-id [ access-request | accounting-start | accounting-stop ];tunnel-client-endpoint [ access-request | accounting-start | accounting-stop ];tunnel-medium-type [ access-request | accounting-start | accounting-stop ];tunnel-server-auth-id [ access-request | accounting-start | accounting-stop ];tunnel-server-endpoint [ access-request | accounting-start | accounting-stop ];tunnel-type [ access-request | accounting-start | accounting-stop ];upstream-calculated-qos-rate [ access-request | accounting-start | accounting-stop ];vendor-id id-number {vendor-attribute vsa-number {packet-type [ access-request | accounting-off | accounting-on | accounting-start |accounting-stop ];
}}virtual-router [ access-request | accounting-start | accounting-stop ];
}
Hierarchy Level [edit access profile profile-name radius attributes]
Copyright © 2018, Juniper Networks, Inc.292
Broadband Subscriber ManagementWholesale Feature Guide
Release Information Statement introduced in Junos OS Release 9.1.
Statement introduced in Junos OS Release 9.1 for EX Series switches.
downstream-calculated-qos-rate,dsl-forum-attributes, andupstream-calculated-qos-rate
options added in Junos OS Release 11.4.
cos-shaping-rate and filter-id options added in Junos OS Release 13.2.
pppoe-description option added in Junos OS Release 14.2.
virtual-router option added in Junos OS Release 15.1.
first-relay-ipv4-address and first-relay-ipv6-address options added in Junos OS Release
16.1.
acc-loop-encap and acc-loop-remote-id options added in Junos OS Release 16.1R4.
access-request option support for all tunnel attributes added in Junos OSRelease 15.1R7,
16.1R5, 16.2R2, 17.1R2, 17.2R2, and 17.3R1 for MX Series.
packet-type, standard-attribute, vendor-attribute, and vendor-id options added in Junos
OS Release 18.1R1.
Description Configure the router or switch to exclude the specified attributes from being sent in the
specified type of RADIUSmessage. Exclusion can be useful, for example, for attributes
thatdonot changevaluesover the lifetimeofasubscriber. Bynot sending theseattributes,
you reduce the packet size without losing information. Contrast this behavior with that
provided by the ignore statement.
Starting in JunosOSRelease 18.1R1, you can specify standard RADIUS attributeswith the
attribute number. You can specify VSAs with the IANA-assigned vendor ID and the VSA
number.With this flexible configurationmethod, youcanconfigureany standardattribute
and VSA supported by your platform to be excluded. The configuration has no effect if
you configure unsupported attributes, vendors, and VSAs.
The legacymethod allows you to configure only those attributes and VSAs for which the
statement syntax includesaspecificoption.Consequently, youcanuse the legacymethod
toexcludeonlyasubsetofall attributes that canbe received inAccess-Acceptmessages.
Not all attributes are available in all types of RADIUSmessages.
NOTE: If you exclude an attribute from Acct-Off messages, the attributesare then excluded from Interim-Acct messages.
NOTE: VSAs with dedicated option names include Juniper Networks (IANAvendor ID 4874) and DSL Forum (vendor ID 3561) VSAs.
293Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Options RADIUS attribute—RADIUS standard attribute or VSA:
• acc-aggr-cir-id-asc—Exclude Juniper Networks VSA 26-112, Acc-Aggr-Cir-Id-Asc.
• acc-aggr-cir-id-bin—Exclude Juniper Networks VSA 26-111, Acc-Aggr-Cir-Id-Bin.
• acc-loop-cir-id—Exclude Juniper Networks VSA 26-110, Acc-Loop-Cir-Id.
• acc-loop-encap—Exclude Juniper Networks VSA 26-183, Acc-Loop-Encap.
• acc-loop-remote-id—Exclude Juniper Networks VSA 26-182, Acc-Loop-Remote-Id.
• accounting-authentic—Exclude RADIUS attribute 45, Acct-Authentic.
• accounting-delay-time—Exclude RADIUS attribute 41, Acct-Delay-Time.
• accounting-session-id—Exclude RADIUS attribute 44, Acct-Session-Id.
• accounting-terminate-cause—Exclude RADIUS attribute 49, Acct-Terminate-Cause.
• acct-request-reason—Exclude Juniper Networks VSA 26-210, Acct-Request-Reason.
• acct-tunnel-connection—Exclude RADIUS attribute 68, Acct-Tunnel-Connection.
• act-data-rate-dn—Exclude Juniper Networks VSA 26-114, Act-Data-Rate-Dn.
• act-data-rate-up—Exclude Juniper Networks VSA 26-113, Act-Data-Rate-Up.
• act-interlv-delay-dn—Exclude Juniper Networks VSA 26-126, Act-Interlv-Delay-Dn.
• act-interlv-delay-up—Exclude Juniper Networks VSA 26-124, Act-Interlv-Delay-Up.
• att-data-rate-dn—Exclude Juniper Networks VSA 26-118, Att-Data-Rate-Dn.
• att-data-rate-up—Exclude Juniper Networks VSA 26-117, Att-Data-Rate-Up.
• called-station-id—Exclude RADIUS attribute 30, Called-Station-Id.
• calling-station-id—Exclude RADIUS attribute 31, Calling-Station-Id.
• chargeable-user-identity—Exclude RADIUS attribute 89, Chargeable-User-Identity.
• class—Exclude RADIUS attribute 25, Class.
• cos-shaping-rate—Exclude Juniper Networks VSA 26-177, Cos-Shaping-Rate.
• delegated-ipv6-prefix—Exclude RADIUS attribute 123, Delegated-IPv6-Prefix.
• dhcp-gi-address—Exclude Juniper Networks VSA 26-57, DHCP-GI-Address.
• dhcp-header—Exclude Juniper Networks VSA 26-208, DHCP-Header.
• dhcp-mac-address—Exclude Juniper Networks VSA 26-56, DHCP-MAC-Address.
• dhcp-options—Exclude Juniper Networks VSA 26-55, DHCP-Options.
• dhcpv6-header—Exclude Juniper Networks VSA 26-209, DHCPv6-Header.
• dhcpv6-options—Exclude Juniper Networks VSA 26-207, DHCPv6-Options.
• dynamic-iflset-name—Exclude Juniper Networks VSA 26-130, Qos-Set-Name.
• downstream-calculated-qos-rate—Exclude Juniper Networks VSA 26-141.
Copyright © 2018, Juniper Networks, Inc.294
Broadband Subscriber ManagementWholesale Feature Guide
• dsl-forum-attributes—Exclude DSL Forum VSA (vendor ID 3561) as described in RFC
4679, DSL Forum Vendor-Specific RADIUS Attributes.
• dsl-line-state—Exclude Juniper Networks VSA 26-127, DSL-Line-State.
• dsl-type—Exclude Juniper Networks VSA 26-128, DSL-Type.
• event-timestamp—Exclude RADIUS attribute 55, Event-Timestamp.
• filter-id—Exclude RADIUS attribute 11, Filter-Id.
• first-relay-ipv4-address—Exclude Juniper Networks VSA 26-189,
DHCP-First-Relay-IPv4-Address.
• first-relay-ipv6-address—Exclude Juniper Networks VSA 26-190,
DHCP-First-Relay-IPv6-Address.
• framed-interface-id—Exclude RADIUS attribute 96, Framed-Interface-ID.
• framed-ip-address—Exclude RADIUS attribute 8, Framed-IP-Address.
• framed-ip-netmask—Exclude RADIUS attribute 9, Framed-IP-Netmask.
• framed-ip-route—Exclude RADIUS attribute 22, Framed-Route.
• framed-ipv6-address—Exclude RADIUS attribute 168, Framed-IPv6-Address.
• framed-ipv6-pool—Exclude RADIUS attribute 100, Framed-IPv6-Pool.
• framed-ipv6-prefix—Exclude RADIUS attribute 97, Framed-IPv6-Prefix.
• framed-ipv6-route—Exclude RADIUS attribute 99, Framed-IPv6-Route.
• framed-pool—Exclude RADIUS attribute 88, Framed-Pool.
• input-filter—Exclude Juniper Networks VSA 26-10, Ingress-Policy-Name.
• input-gigapackets—Exclude Juniper Networks VSA 26-42, Acct-Input-Gigapackets.
• input-gigawords—Exclude RADIUS attribute 52, Acct-Input-Gigawords.
• input-ipv6-gigawords—Exclude Juniper Networks VSA 26-155,
Acct-Input-IPv6-Gigawords.
• input-ipv6-octets—Exclude Juniper Networks VSA 26-151, Acct-Input-IPv6-Octets.
• input-ipv6-packets—Exclude Juniper Networks VSA 26-153, Acct-Input-IPv6-Packets.
• interface-description—Exclude Juniper Networks VSA 26-53, Interface-Desc.
• l2c-downstream-data—Exclude JuniperNetworksVSA26-93, L2C-Down-Stream-Data.
• l2c-upstream-data—Exclude Juniper Networks VSA 26-92, L2C-Up-Stream-Data.
• l2tp-rx-connect-speed—Exclude Juniper Networks VSA 26-163, Rx-Connect-Speed.
• l2tp-tx-connect-speed—Exclude Juniper Networks VSA 26-162, Tx-Connect-Speed.
• max-data-rate-dn—Exclude Juniper Networks VSA 26-120, Max-Data-Rate-Dn.
• max-data-rate-up—Exclude Juniper Networks VSA 26-119, Max-Data-Rate-Up.
• max-interlv-delay-dn—Exclude Juniper Networks VSA 26-125, Max-Interlv-Delay-Dn.
295Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• max-interlv-delay-up—Exclude Juniper Networks VSA 26-123, Max-Interlv-Delay-Up.
• min-data-rate-dn—Exclude Juniper Networks VSA 26-116, Min-Data-Rate-Dn.
• min-data-rate-up—Exclude Juniper Networks VSA 26-115, Min-Data-Rate-Up.
• min-lp-data-rate-dn—Exclude Juniper Networks VSA 26-122, Min-Lp-Data-Rate-Dn.
• min-lp-data-rate-up—Exclude Juniper Networks VSA 26-121, Min-Lp-Data-Rate-Up.
• nas-identifier—Exclude RADIUS attribute 32, NAS-Identifier.
• nas-port—Exclude RADIUS attribute 5, NAS-Port.
• nas-port-id—Exclude RADIUS attribute 87, NAS-Port-Id.
• nas-port-type—Exclude RADIUS attribute 61, NAS-Port-Type.
• output-filter—Exclude Juniper Networks VSA 26-11, Egress-Policy-Name.
• output-gigapackets—Exclude JuniperNetworksVSA26-43,Acct-Output-Gigapackets.
• output-gigawords—Exclude RADIUS attribute 53, Acct-Output-Gigawords.
• output-ipv6-gigawords—Exclude Juniper Networks VSA 26-156,
Acct-Output-IPv6-Gigawords.
• output-ipv6-octets—Exclude JuniperNetworksVSA26-152, Acct-Output-IPv6-Octets.
• output-ipv6-packets—Exclude Juniper Networks VSA 26-154,
Acct-Output-IPv6-Packets.
• packet-type—Specify the RADIUSmessage type to exclude; term required when
excluding a standard attribute or VSA by number rather than name. You can enclose
multiple values in square brackets to specify a list of message types. Message types
include Access-Request, Accounting-Off, Accounting-Off, Accounting-Start, and
Accounting-Stop.
• pppoe-description—Exclude Juniper Networks VSA 26-24, PPPoE-Description.
• standard-attribute number—RADIUS standard attribute number supported by your
platform. If you configure an unsupported attribute, that configuration has no effect.
When you use this option, youmust use the packet-type term to specify the message
fromwhich the attribute is excluded.
• tunnel-assignment-id—Exclude RADIUS attribute 82, Tunnel-Assignment-ID.
• tunnel-client-auth-id—Exclude RADIUS attribute 90. Tunnel-Client-Auth-ID.
• tunnel-client-endpoint—Exclude RADIUS attribute 66, Tunnel-Client-Endpoint.
• tunnel-medium-type—Exclude RADIUS attribute 65, Tunnel-Medium-Type.
• tunnel-server-auth-id—Exclude RADIUS attribute 91, Tunnel-Server-Auth-ID.
• tunnel-server-endpoint—Exclude RADIUS attribute 67, Tunnel-Server-Endpoint.
• tunnel-type—Exclude RADIUS attribute 64, Tunnel-Type.
• upstream-calculated-qos-rate—Exclude Juniper Networks VSA 26-142
Copyright © 2018, Juniper Networks, Inc.296
Broadband Subscriber ManagementWholesale Feature Guide
• vendor-attribute vsa-number—Number identifying a VSA belonging to the specified
vendor; both must be supported by your platform. If you configure an unsupported
VSA, that configuration has no effect. When you use this option, youmust use the
packet-type term to specify the message fromwhich the attribute is excluded.
• vendor-id id-number—IANA vendor ID supported by your platform. If you configure an
unsupported vendor ID, that configuration has no effect.
• virtual-router—Exclude Juniper Networks VSA 26-1.
RADIUSmessage type:
• access-request—RADIUS Access-Request messages.
• accounting-off—RADIUS Accounting-Off messages.
• accounting-on—RADIUS Accounting-Onmessages.
• accounting-start—RADIUS Accounting-Start messages.
• accounting-stop—RADIUS Accounting-Stopmessages.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Filtering RADIUS Attributes and VSAs from RADIUS Messages
• Configuring RADIUS Server Parameters for Subscriber Access
• AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs
for Junos OS on page 157
• AAA Accounting Messages and Supported RADIUS Attributes and Juniper Networks
VSAs for Junos OS on page 164
• AAA Access Messages and Supported RADIUS Attributes and Juniper Networks VSAs
for Junos OS on page 157
• AAA Accounting Messages and Supported RADIUS Attributes and Juniper Networks
VSAs for Junos OS on page 164
297Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
family
Syntax family family {accounting {destination-class-usage;source-class-usage {(input | output | input output);
}}access-concentrator name;address address {... the address subhierarchy appears after the main [edit interfaces interface-name unitlogical-unit-number family family-name] hierarchy ...
}bundle interface-name;core-facing;demux-destination {destination-prefix;
}demux-source {source-prefix;
}direct-connect;duplicate-protection;dynamic-profile profile-name;filter {group filter-group-number;input filter-name;input-list [ filter-names ];output filter-name;output-list [ filter-names ];
}interface-mode (access | trunk);ipsec-sa sa-name;keep-address-and-control;mac-validate (loose | strict);max-sessions number;max-sessions-vsa-ignore;mtu bytes;multicast-only;negotiate-address;no-redirects;policer {arp policer-template-name;input policer-template-name;output policer-template-name;
}primary;protocols [inet isompls];proxy inet-address address;receive-options-packets;receive-ttl-exceeded;remote (inet-address address | mac-address address);rpf-check {
Copyright © 2018, Juniper Networks, Inc.298
Broadband Subscriber ManagementWholesale Feature Guide
fail-filter filter-namemode loose;
}sampling {input;output;
}service {input {post-service-filter filter-name;service-set service-set-name <service-filter filter-name>;
}output {service-set service-set-name <service-filter filter-name>;
}}service-name-table table-name;short-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds> <filter [aci]>;
(translate-discard-eligible | no-translate-discard-eligible);(translate-fecn-and-becn | no-translate-fecn-and-becn);translate-plp-control-word-de;unnumbered-address interface-namedestinationaddressdestination-profileprofile-name;vlan-id number;vlan-id-list [number number-number];address address {arp ip-address (mac | multicast-mac)mac-address <publish>;broadcast address;destination address;destination-profile name;eui-64;master-only;multipoint-destination address dlci dlci-identifier;multipoint-destination address {epd-threshold cells;inverse-arp;oam-liveness {up-count cells;down-count cells;
}oam-period (disable | seconds);shaping {(cbr rate | rtvbr burst length peak rate sustained rate | vbr burst length peak ratesustained rate);
queue-length number;}vci vpi-identifier.vci-identifier;
}preferred;primary;vrrp-groupgroup-id {(accept-data | no-accept-data);advertise-interval seconds;authentication-key key;authentication-type authentication;fast-intervalmilliseconds;
299Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
(preempt | no-preempt) {hold-time seconds;
}priority number;track {interface interface-name {bandwidth-threshold bits-per-second priority-cost priority;priority-cost priority;
}priority-hold-time seconds;route prefix routing-instance instance-name priority-cost priority;}
}virtual-address [ addresses ];}
virtual-link-local-address ipv6-address;}
}
Hierarchy Level [edit interfaces interface-name unit logical-unit-number],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-number]
Release Information Statement introduced before Junos OS Release 7.4.
Optionmax-sessions-vsa-ignore introduced in Junos OS Release 11.4.
Description Configure protocol family information for the logical interface.
NOTE: Not all subordinate statements are available to every protocol family.
Copyright © 2018, Juniper Networks, Inc.300
Broadband Subscriber ManagementWholesale Feature Guide
Options family—Protocol family:
• any—Protocol-independent family used for Layer 2 packet filtering
NOTE: This option is not supported on T4000 Type 5 FPCs.
• bridge—(MSeries andTSeries routers only)Configure onlywhen thephysical interface
is configured with ethernet-bridge type encapsulation or when the logical interface is
configured with vlan-bridge type encapsulation. You can optionally configure this
protocol family for the logical interface on which you configure VPLS.
• ethernet-switching—(M Series and T Series routers only) Configure only when the
physical interface is configured with ethernet-bridge type encapsulation or when the
logical interface is configured with vlan-bridge type encapsulation
• ccc—Circuit cross-connect protocol suite. You can configure this protocol family for
the logical interface of CCC physical interfaces.When you use this encapsulation type,
you can configure the ccc family only.
• inet—Internet Protocol version 4 suite. Youmust configure this protocol family for the
logical interface to support IP protocol traffic, including Open Shortest Path First
(OSPF), Border Gateway Protocol (BGP), Internet Control Message Protocol (ICMP),
and Internet Protocol Control Protocol (IPCP).
• inet6—Internet Protocol version 6 suite. Youmust configure this protocol family for
the logical interface to support IPv6 protocol traffic, including Routing Information
Protocol for IPv6 (RIPng), Intermediate System-to-Intermediate System (IS-IS), BGP,
and Virtual Router Redundancy Protocol for IPv6 (VRRP).
• iso—International Organization for Standardization Open Systems Interconnection
(ISOOSI)protocol suite. Youmust configure this protocol family for the logical interface
to support IS-IS traffic.
• mlfr-end-to-end—Multilink Frame Relay FRF.15. Youmust configure this protocol or
multilink Point-to-Point Protocol (MLPPP) for the logical interface to supportmultilink
bundling.
• mlfr-uni-nni—Multilink Frame Relay FRF.16. Youmust configure this protocol or
mlfr-end-to-end for the logical interface to support link services and voice services
bundling.
• multilink-ppp—Multilink Point-to-Point Protocol. Youmust configure this protocol (or
mlfr-end-to-end) for the logical interface to support multilink bundling.
• mpls—Multiprotocol Label Switching (MPLS). Youmust configure this protocol family
for the logical interface to participate in an MPLS path.
• pppoe—Point-to-Point Protocol over Ethernet
• tcc—Translational cross-connect protocol suite. You can configure this protocol family
for the logical interface of TCC physical interfaces.
301Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• tnp—Trivial Network Protocol. This protocol is used to communicate between the
Routing Engine and the router’s packet forwarding components. The Junos OS
automatically configures this protocol family on the router’s internal interfaces only,
as discussed in Understanding Internal Ethernet Interfaces.
• vpls—(MSeriesandTSeries routersonly)Virtual privateLANservice. Youcanoptionally
configure this protocol family for the logical interface on which you configure VPLS.
VPLSprovidesanEthernet-basedpoint-to-multipointLayer2VPNtoconnectcustomer
edge(CE) routersacrossanMPLSbackbone.WhenyouconfigureaVPLSencapsulation
type, the family vpls statement is assumed by default.
MX Series routers support dynamic profiles for VPLS pseudowires, VLAN identifier
translation, and automatic bridge domain configuration.
For more information about VPLS, see the Junos OS VPNs Library for Routing Devices.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring the Protocol Family
Copyright © 2018, Juniper Networks, Inc.302
Broadband Subscriber ManagementWholesale Feature Guide
family (Address-Assignment Pools)
Syntax family family {dhcp-attributes {[protocol-specific attributes]
}excluded-address ip-address;excluded-range name lowminimum-value highmaximum-value;host hostname {hardware-addressmac-address;ip-address ip-address;
}network ip-prefix/<prefix-length>;prefix ipv6-prefix;range range-name {high upper-limit;low lower-limit;prefix-length prefix-length;
}}
Hierarchy Level [edit access address-assignment pool pool-name]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.3 for EX Series switches.
Description Configure the protocol family for the address-assignment pool.
NOTE: Subordinate statement support depends on the platform. Seeindividual statement topics for more detailed support information.
Options family—Protocol family:
• inet—Internet Protocol version 4 suite
• inet6—Internet Protocol version 6 suite
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Address-Assignment Pools Overview
• Configuring Address-Assignment Pools
303Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
family (Dynamic Demux Interface)
Syntax family family {access-concentrator name;address address;demux-source {source-address;
}direct-connect;duplicate-protection;dynamic-profile profile-name;filter {input filter-name;output filter-name;
}mac-validate (loose | strict);max-sessions number;max-sessions-vsa-ignore;service-name-table table-name;short-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds> <filter [aci]>;
unnumbered-address interface-name <preferred-source-address address>;}
Hierarchy Level [edit dynamic-profiles profile-name interfaces demux0 unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 9.3.
pppoe option added in Junos OS Release 11.2.
Description Configure protocol family information for the logical interface.
NOTE: Not all subordinate stanzas are available to every protocol family.
Options family—Protocol family:
• inet—Internet Protocol version 4 suite
• inet6—Internet Protocol version 6 suite
• pppoe—(MX Series routers with MPCs only) Point-to-Point Protocol over Ethernet
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles•
Copyright © 2018, Juniper Networks, Inc.304
Broadband Subscriber ManagementWholesale Feature Guide
• Subscriber Interfaces and Demultiplexing Overview
family (Dynamic PPPoE)
Syntax family family {unnumbered-address interface-name;address address;service {input {service-set service-set-name {service-filter filter-name;
}post-service-filter filter-name;
}output {service-set service-set-name {service-filter filter-name;
}}
}filter {input filter-name {precedence precedence;
}output filter-name {precedence precedence;
}}
}
Hierarchy Level [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”]
Release Information Statement introduced in Junos OS Release 10.1.
Description Configure protocol family information for the logical interface.
Options family—Protocol family:
• inet—Internet Protocol version 4 suite
• inet6—Internet Protocol version 6 suite
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a PPPoE Dynamic Profile
• Dynamic PPPoE Subscriber Interfaces over Static Underlying Interfaces Overview
305Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
family (Dynamic Standard Interface)
Syntax family family {access-concentrator name;address address;direct-connect;duplicate-protection;dynamic-profile profile-name;filter {adf {counter;input-precedence precedence;not-mandatory;output-precedence precedence;rule rule-value;
}input filter-name {precedence precedence;shared-name filter-shared-name;
}output filter-name {precedence precedence;shared-name filter-shared-name;
}}mac-validate (loose | strict);max-sessions number;max-sessions-vsa-ignore;rpf-check {fail-filter filter-name;mode loose;
}service {input {service-set service-set-name {service-filter filter-name;
}post-service-filter filter-name;
}output {service-set service-set-name {service-filter filter-name;
}}
}service-name-table table-name;short-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds> <filter [aci]>;
unnumbered-address interface-name <preferred-source-address address>;}
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number]
Copyright © 2018, Juniper Networks, Inc.306
Broadband Subscriber ManagementWholesale Feature Guide
Release Information Statement introduced in Junos OS Release 9.2.
pppoe option added in Junos OS Release 11.2.
Description Configure protocol family information for the logical interface.
NOTE: Not all subordinate stanzas are available to every protocol family.
Options family—Protocol family:
• inet—IP version 4 suite
• inet6—IP version 6 suite
• pppoe—(MX Series routers with MPCs only) Point-to-Point Protocol over Ethernet
• vpls—Virtual private LAN service
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Example: Configuring Static Routing on Logical Systems
• Configuring the Protocol Family
307Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
fields (Flat-File Accounting Options)
Syntax fields {all-fields;egress-stats {all-fields;input-bytes;input-packets;output-bytes;output-packets;queue-id;red-drop-bytes;red-drop-packets;tail-drop-packets;
}general-param {all-fields;accounting-type;descr;line-id;logical-interface;nas-port-id;physical-interface;routing-instance;timestamp;user-name;vlan-id;
}ingress-stats {all-fields;drop-packets;input-bytes;input-packets;output-bytes;output-packets;queue-id;
}l2-stats {all-fields;input-mcast-bytes;input-mcast-packets;
}overall-packet {all-fields;input-bytes;input-discards;input-errors;input-packets;inputv6-bytes;inputv6-packets;output-bytes;output-errors;output-packets;outputv6-bytes;
Copyright © 2018, Juniper Networks, Inc.308
Broadband Subscriber ManagementWholesale Feature Guide
outputv6-packets;}service-accounting;
}
Hierarchy Level [edit accounting-options flat-file-profile profile-name]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify the accounting statistics and the nonstatistical information to be collected for
an interface and recorded in the accounting flat file created by the profile.
Options all-fields—Include all available statistical fields in the accounting file. Many fields areavailable for both logical interfaces and physical interfaces, but some fields are
available only for one or the other interface type.
service-accounting—Include the filter counts in bytes for the inet input filter, inet outputfilter, inet6 input filter, and inet6 output filter in the service accounting flat file.
Statistics reported are the running total values.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Configuring Service Accounting in Local Flat Files on page 193
• Flat-File Accounting Overview on page 181
309Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
file (Flat-File Accounting Options)
Syntax file filename;
Hierarchy Level [edit accounting-options flat-file-profile profile-name]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify the name of the accounting file created by a flat-file profile. By default, the
filename becomes the name of the local directory where the accounting file is backed
up: /var/log/pfedBackup/filename.
Options filename—Name of the accounting file. The complete output filename is in the formatfilename.hostname.file-number_timestamp.gz.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
Copyright © 2018, Juniper Networks, Inc.310
Broadband Subscriber ManagementWholesale Feature Guide
flat-file-profile (Accounting Options)
Syntax flat-file-profile profile-name{fields {all-fields;egress-stats {all-fields;input-bytes;input-packets;output-bytes;output-packets;queue-id;red-drop-bytes;red-drop-packets;tail-drop-packets;
}general-param {all-fields;accounting-type;descr;line-id;logical-interface;nas-port-id;physical-interface;routing-instance;timestamp;user-name;vlan-id;
}ingress-stats {all-fields;drop-packets;input-bytes;input-packets;output-bytes;output-packets;queue-id;
}l2-stats {all-fields;input-mcast-bytes;input-mcast-packets;
}overall-packet {all-fields;input-bytes;input-discards;input-errors;input-packets;inputv6-bytes;inputv6-packets;output-bytes;output-errors;output-packets;
311Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
outputv6-bytes;outputv6-packets;
}service-accounting;
}file filename;format (csv | ipdr)intervalminutes;schema-version schema-name;
}
Hierarchy Level [edit accounting-options]
Release Information Statement introduced in Junos OS Release 16.1R4.
service-accounting option added in Junos OS Release 17.1.
Description Configure a flat-file accounting profile that defines the contents of a flat file that records
accounting statistics collected from the Packet Forwarding Engine for an interface at
regular intervals. To be used, the profile is associated with a subscriber interface. The
accounting flat file is archived by the accounting-options archiving mechanism.
Options profile-name—Name of the flat-file profile.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Accounting-Data Log Files
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Configuring Service Accounting in Local Flat Files on page 193
• Flat-File Accounting Overview on page 181
• show extensible-subscriber-services accounting
Copyright © 2018, Juniper Networks, Inc.312
Broadband Subscriber ManagementWholesale Feature Guide
flat-file-profile (Extensible Subscriber Services)
Syntax flat-file-profile profile-name
Hierarchy Level [edit system services extensible-subscriber-services]
Release Information Statement introduced in Junos OS Release 16.1.
Description Specify the name of an accounting flat file profile that applies to an ESSM subscriber.
Options profile name—Name of an accounting flat file profile configured at the [editaccounting-options] hierarchy level.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
313Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
flexible-vlan-tagging
Syntax flexible-vlan-tagging;
Hierarchy Level [edit interfaces aex],[edit interfaces ge-fpc/pic/port],[edit interfaces et-fpc/pic/port],[edit interfaces ps0],[edit interfaces xe-fpc/pic/port]
Release Information Statement introduced in Junos OS Release 8.1.
Support for aggregated Ethernet added in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.1x48 for PTX Series Packet Transport
Routers.
Statement introduced in Junos OS Release 13.2X50-D15 for EX Series switches.
Statement introduced in Junos OS Release 13.2X51-D20 for the QFX Series.
Description Support simultaneous transmission of 802.1Q VLAN single-tag and dual-tag frames on
logical interfaces on the same Ethernet port, and on pseudowire logical interfaces.
This statement is supported on M Series and T Series routers, for Fast Ethernet and
Gigabit Ethernet interfaces only on Gigabit Ethernet IQ2 and IQ2-E, IQ, and IQE PICs, and
for aggregated Ethernet interfaces with member links in IQ2, IQ2-E, and IQ PICs or in MX
Series DPCs, or on Ethernet interfaces for PTX Series Packet Transport Routers or
100-Gigabit Ethernet Type 5 PIC with CFP.
This statement is supportedonGigabitEthernet, 10-GigabitEthernet, 40-GigabitEthernet,
and aggregated Ethernet interfaces on EX Series and QFX Series switches.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Enabling VLAN Tagging
• Configuring Flexible VLAN Tagging on PTX Series Packet Transport Routers
• Configuring Double-Tagged VLANs on Layer 3 Logical Interfaces
Copyright © 2018, Juniper Networks, Inc.314
Broadband Subscriber ManagementWholesale Feature Guide
format (Flat-File Accounting Options)
Syntax format (csv | ipdr);
Hierarchy Level [edit accounting-options flat-file-profile profile-name]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify the format for logging the flat-file accounting statistics.
Options csv—Comma-separated values (CSV) format.
ipdr—IP Detail Record (IPDR) format.
Default: ipdr
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
315Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
forwarding-options
Syntax forwarding-options {access-security ...accounting name ...dhcp-relay ...enhanced-hash-key ...family family-name ...fast-reroute-priority (high | low | medium);helpers ...ip-options-protocol-queue protocol-name ...link-layer-broadcast-inet-check;load-balance ...load-balance-label-capability;multicast-replication ...next-hop-group group-name ...no-load-balance-label-capability;port-mirroring ...rpf-loose-mode-discard ...sampling ...satellite ...storm-control-profiles profile-name ...
}
Hierarchy Level [edit][edit routing-instance routing-instance-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure traffic forwarding options. For more information about each option, click a
linked statement in the Syntax section.
Options access-security—Configure IPv6 access security options.
accounting—Specify the discard accounting instance name and options.
dhcp-relay—Configure extended Dynamic Host Configuration Protocol (DHCP) relayand DHCPv6 relay options on the router or switch to enable the router (or switch)
to function as a DHCP relay agent.
enhanced-hash-key—(MX Series routers with MPCs, T4000 routers with Type 5 FPCs,and EX9200 switches) Select data used in the hash key for enhanced IP forwarding
engines.
family—Specify address family for filters.
fast-reroute-priority—Specify the fast reroute priority for a VPLS routing instance. Youcan configure high,medium, or low fast reroute priority to prioritize specific VPLS
routing instances for faster convergence and traffic restoration.
Copyright © 2018, Juniper Networks, Inc.316
Broadband Subscriber ManagementWholesale Feature Guide
helpers—Enable TFTP or DNS request packet forwarding, or configure the router, switch,or interface to act as a DHCP/BOOTP relay agent. Enable forwarding LAN broadcast
traffic on custom UDP ports to particular servers as unicast traffic.
ip-options-protocol-queue—Configure logical queue-depth in the PFE for ip-optionspackets for a given protocol such as TCP, UDP, ICMP, and so on, except IGMP.
link-layer-broadcast-inet-check—Enable destination MAC and IP address check toprevent the router from forwarding IPv4 packets that have link layer destination
address set to broadcast ormulticast, unless directed to an IPv4multicast address.
load-balance—Enable per-prefix or per-flow load balancing so that the router or switch
elects a next hop independently of the route selected by other routers or switches.
load-balance-label-capability—Enable the router to push and pop the load balancinglabel and causes LDP and RSVP to advertise the entropy label TLV to neighboring
routers.
multicast-replication—Configure themodeofmulticast replication thathelps tooptimizemulticast latency.
next-hop-group—Specify the next-hop address for sending copies of packets to ananalyzer.
no-load-balance-label-capability—Disable advertisement of entropy label capabilityin LDP and RSVP.
port-mirroring—Specify the input, output, and traceoptionsproperties for sending copiesof packets to an analyzer.
rpf-loose-mode-discard—Configureunicast reversepath forwarding (unicastRPF) loosemode with the ability to discard packets with the source address pointing to the
discard next hop.
sampling—Configure traffic sampling.
satellite—Specify that mirrored traffic is to be forwarded on all satellite devices that areconnected to the aggregation device.
storm-control-profiles—Configure a storm control profile on a switch or router. Storm
control is used to prevent network outages that are caused by broadcast traffic
storms.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
317Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
RelatedDocumentation
• Configuring Stateless IPv6 Router Advertisement Guard on Switches
• Configuring Stateful IPv6 Router Advertisement Guard on Switches
• Configuring Discard Accounting on M and T Series Routers
• Extended DHCP Relay Agent Overview
• Configuring Symmetrical Load Balancing on an 802.3ad Link Aggregation Group on MX
Series Routers
• Applying Forwarding Table Filters
• Configuring VPLS Fast Reroute Priority
• Configuring DNS and TFTP Packet Forwarding
• Configuring Port-based LAN Broadcast Packet Forwarding
• Configuring Per-Flow Load Balancing Based on Hash Values
• Configuring Per-Prefix Load Balancing
• Configuring the Entropy Label for LSPs
• Configuring Port Mirroring on M, T and MX Series Routers
• Configuring Unicast RPF
• Configuring Traffic Sampling on MX, M and T Series Routers
• Understanding Port Mirroring on a Junos Fusion Data Center
• Understanding Storm Control for Managing Traffic Levels
Copyright © 2018, Juniper Networks, Inc.318
Broadband Subscriber ManagementWholesale Feature Guide
general-param (Flat-File Accounting Options)
Syntax general-param {all-fields;accounting-type;descr;line-id;logical-interface;nas-port-id;physical-interface;routing-instance;timestamp;user-name;vlan-id;
}
Hierarchy Level [edit accounting-options flat-file-profile profile-name fields]
Release Information Statement introduced in Junos OS Release 16.1R4.
user-name option added in Junos OS Release 17.1.
Description Specify general, nonstatistical interface parameters that are displayed as part of the
header for the accounting file.
Options all-fields—Display all available nonstatistical fields. Many fields are available for bothlogical interfaces and physical interfaces, but some fields are available for only one
interface type.
accounting-type—(Logical interfaces only ) Display the accounting status type.
descr—Display the description of the interface as configured.
line-id—(Logical interfaces only ) Display the access line identifier.
logical-interface—(Logical interfaces only ) Display the name of the logical interface.
nas-port-id—(Logical interfaces only ) Display the NAS port ID.
physical-interface—(Physical interfacesonly )Display thenameof thephysical interface.
routing-instance—Display thenameof the routing instance towhich the interfacebelongs.
timestamp—Display the timestamp of the accounting record.
user-name—Display the name of the subscriber.
vlan-id—(Logical interfaces only ) Display the VLAN identifier.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
319Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Configuring Service Accounting in Local Flat Files on page 193
• Flat-File Accounting Overview on page 181
grace-period
Syntax grace-period seconds;
Hierarchy Level [edit access address-assignment pool pool-name family (inet | inet6) dhcp-attributes],[edit access protocol-attributes attribute-set-name]
Release Information Statement introduced in Junos OS Release 9.0.
Description Configure the amount of time that the client retains the address lease after the lease
expires. The address cannot be reassigned to another client during the grace period.
Options seconds—Number of seconds the lease is retained.
Range: 0 through 4,294,967,295 seconds
Default: 0 (no grace period)
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Address-Assignment Pools
Copyright © 2018, Juniper Networks, Inc.320
Broadband Subscriber ManagementWholesale Feature Guide
group (DHCP Local Server)
Syntax group group-name {access-profile profile-name;authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);logical-system-name;mac-address;option-60;option-82 <circuit-id> <remote-id>;relay-agent-interface-idrelay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;
}}dynamic-profile profile-name <aggregate-clients (merge | replace) | use-primaryprimary-profile-name>;
interface interface-name {access-profile profile-name;exclude;overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match <option60-and-option82>;client-negotiation-match incoming-interface;interface-client-limit number;process-inform {pool pool-name;
}rapid-commit;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;
321Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
thresholdmilliseconds;}detection-time {thresholdmilliseconds;
}session-mode(automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match <option60-and-option82>;client-negotiation-match incoming-interface;delegated-pool;delete-binding-on-renegotiation;interface-client-limit number;process-inform {pool pool-name;
}protocol-attributes attribute-set-name;rapid-commit;
}reconfigure {attempts attempt-count;clear-on-abort;strict;timeout timeout-value;token token-value;trigger {radius-disconnect;
}}route-suppression;service-profile dynamic-profile-name;
}
Hierarchy Level [edit system services dhcp-local-server],[edit system services dhcp-local-server dhcpv6],[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server ...],
[edit logical-systems logical-system-name system services dhcp-local-server ...],[edit routing-instances routing-instance-name system services dhcp-local-server ...]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Configureagroupof interfaces thathaveacommonconfiguration, suchasauthentication
parameters. A groupmust contain at least one interface.
Copyright © 2018, Juniper Networks, Inc.322
Broadband Subscriber ManagementWholesale Feature Guide
Options group-name—Name of the group.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Extended DHCP Local Server Overview
• Grouping Interfaces with Common DHCP Configurations
• Using External AAA Authentication Services with DHCP
• Attaching Dynamic Profiles to DHCP Subscriber Interfaces or DHCP Client Interfaces
• DHCP Liveness Detection Using ARP and Neighbor Discovery Packets
323Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
group (DHCP Relay Agent)
Syntax group group-name {access-profile profile-name;active-server-group server-group-name;authentication {password password-string;username-include {circuit-type;client-id;delimiter delimiter-character;domain-name domain-name-string;interface-description (device-interface | logical-interface);interface-name interface-name;logical-system-name;mac-addressmac-address;relay-agent-interface-id;relay-agent-remote-id;relay-agent-subscriber-id;routing-instance-name;user-prefix user-prefix-string;
}}dynamic-profile profile-name {aggregate-clients (merge | replace);use-primary primary-profile-name;
}forward-only {logical-system <current | default | logical-system-name>;routing-instance <current | default | routing-instance-name>;
}interface interface-name {access-profile profile-name;exclude;liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode (automatic | multihop | singlehop);holddown-intervalmilliseconds;
}}
Copyright © 2018, Juniper Networks, Inc.324
Broadband Subscriber ManagementWholesale Feature Guide
}overrides {allow-no-end-option;allow-snooped-clients;always-write-giaddr;always-write-option-82;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match <option60-and-option82 | incoming-interface>;client-negotiation-match incoming-interface;delay-authentication;delete-binding-on-renegotiation;disable-relay;dual-stack dual-stack-group-name;interface-client-limit number;layer2-unicast-replies;no-allow-snooped-clients;no-bind-on-request;proxy-mode;relay-sourcereplace-ip-source-with;send-release-on-delete;trust-option-82;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}liveness-detection {failure-action (clear-binding | clear-binding-if-interface-up | log-only);method {bfd {version (0 | 1 | automatic);minimum-intervalmilliseconds;minimum-receive-intervalmilliseconds;multiplier number;no-adaptation;transmit-interval {minimum-intervalmilliseconds;thresholdmilliseconds;
}detection-time {thresholdmilliseconds;
}session-mode (automatic | multihop | singlehop);holddown-intervalmilliseconds;
}layer2-liveness-detection {max-consecutive-retries number;transmit-interval interval;
}}
}overrides {allow-snooped-clients;always-write-giaddr;
325Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
always-write-option-82;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match <option60-and-option82>;client-negotiation-match incoming-interface;disable-relay;dual-stack dual-stack-group-name;interface-client-limit number;layer2-unicast-replies;no-allow-snooped-clients;no-bind-on-request;proxy-mode;relay-sourcereplace-ip-source-with;send-release-on-delete;trust-option-82;
}relay-agent-interface-id {prefix prefix;use-interface-description (logical | device);use-option-82;
}relay-agent-remote-id {prefix prefix;use-interface-description (logical | device);use-option-82 <strict>;
}relay-option {option-number option-number;default-action {drop;forward-only;local-server-group local-server-group;relay-server-group relay-server-group;
}equals (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;local-server-group local-server-group;relay-server-group relay-server-group;
}starts-with (ascii ascii-string | hexadecimal hexadecimal-string) {drop;forward-only;local-server-group local-server-group;relay-server-group relay-server-group;
}}relay-option-82 {circuit-id {prefix prefix;use-interface-description (logical | device);use-option-82;
}remote-id {prefix prefix;
Copyright © 2018, Juniper Networks, Inc.326
Broadband Subscriber ManagementWholesale Feature Guide
use-interface-description (logical | device);}server-id-override
}remote-id-mismatch disconnect;route-suppression;service-profile dynamic-profile-name;
}
Hierarchy Level [edit forwarding-options dhcp-relay],[edit forwarding-options dhcp-relay dhcpv6],[edit logical-systems logical-system-name forwarding-options dhcp-relay ...],[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay ...],
[edit routing-instances routing-instance-name forwarding-options dhcp-relay ...]
Release Information Statement introduced in Junos OS Release 8.3.
Support at the [edit ... dhcpv6] hierarchy levels introduced in Junos OS Release 11.4.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Specify the name of a group of interfaces that have a common DHCP or DHCPv6 relay
agent configuration. A groupmust contain at least one interface. Use the statement at
the [edit ... dhcpv6] hierarchy levels to configure DHCPv6 support.
Options group-name—Nameof a group of interfaces that have a commonDHCPor DHCPv6 relay
agent configuration.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Extended DHCP Relay Agent Overview
• Understanding the Extended DHCP Relay Agent for EX Series Switches
• Configuring an Extended DHCP Relay Server on EX Series Switches (CLI Procedure)
• Configuring Group-Specific DHCP Relay Options
• Grouping Interfaces with Common DHCP Configurations
• Using External AAA Authentication Services with DHCP
• Attaching Dynamic Profiles to DHCP Subscriber Interfaces or DHCP Client Interfaces
• DHCP Liveness Detection Using ARP and Neighbor Discovery Packets
327Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
ingress-stats (Flat-File Accounting Options)
Syntax ingress-stats {all-fields;drop-packets;input-bytes;input-packets;output-bytes;output-packets;queue-id;
}
Hierarchy Level [edit accounting-options flat-file-profile profile-name fields]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify ingress queue statistics to be collected for the interface.
Options all-fields—Collect all ingress queue statistics available for the interface context, logicalor physical.
drop-packets—Collect the number of received packets dropped on the Ingress queue.
input-bytes—Collect the number of octets received on the queue for the traffic classindicated by the queue identifier.
input-packets—Collect the number of packets received on the queue for the traffic classindicated by the queue identifier.
output-bytes—Collect the number of octets forwarded for the traffic class indicated bythe queue identifier. Same value as input-bytes unless oversubscription is present
at the ingress.
output-packets—Collect the number of packets forwarded for the traffic class indicatedby the queue identifier. Same value as input-packets unless oversubscription is
present at the ingress.
queue-id—Collect the logical identifier for the ingress queue; identifies the traffic class.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
Copyright © 2018, Juniper Networks, Inc.328
Broadband Subscriber ManagementWholesale Feature Guide
inner-vlan-id (Dynamic VLANs)
Syntax inner-vlan-id number;
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-numberinput-vlan-map],
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-numberoutput-vlan-map]
Release Information Statement introduced in Junos OS Release 10.4.
Description For dynamic VLAN interfaces, specify the VLAN ID to rewrite for the inner tag of the final
packet.
You cannot include the inner-vlan-id statement with the swap statement, swap-push
statement,push-pushstatement,orpush-swapstatementandthe inner-vlan-idstatement
at the [edit logical-systems logical-system-name interfaces interface-name
unit logical-unit-number output-vlan-map] hierarchy level. If you include any of those
statements in the output VLANmap, the VLAN ID in the outgoing frame is rewritten to
the inner-vlan-id statement you include at the [edit interfaces interface-name unit
logical-unit-number] hierarchy level.
Options number—VLAN ID number. When used for input VLANmaps, you can specify the
$junos-inner-vlan-map-id predefined variable to dynamically obtain the VLAN
identifier.
Range: 0 through 4094
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Inner and Outer TPIDs and VLAN IDs
329Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
inner-vlan-id-swap-ranges
Syntax inner-vlan-id-swap-ranges low-inner-tag–high-inner-tag;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 17.2R1.
Description Define core-facing VLAN ID ranges fromwhich an inner VLAN ID tag can be allocated to
replace the outer VLAN tag that was appended by the access node on the upstream
packets to the BNG in a Layer 2 wholesale network. The tag swap occurs before the
subscriber traffic is forwarded to the network service provider (NSP). You can configure
up to 32 non-overlapping inner VLAN ID ranges per core-facing physical interface for
VLAN-OOB subscribers.
You can add or remove ranges or increase or decrease the size of existing ranges even
while Layer 2 wholesale sessions are assigned to the core-facing interface associated
with the ranges. You cannot remove a range fromwhich a VLAN ID has already been
allocated. You cannot reduce a range if the new range excludes a VLAN ID that has
already been allocated.
Options low-inner-tag—Inner (core-facing) VLAN ID tag representing the lower limit of the swaprange.
Range: 1 through 4094.
high-inner-tag—Inner (core-facing)VLAN ID tag representing the upper limit of the swaprange.
Range: 1 through 4094.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringMultipleNon-OverlappingVLANRanges forCore-FacingPhysical Interfaces
on page 177
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
Copyright © 2018, Juniper Networks, Inc.330
Broadband Subscriber ManagementWholesale Feature Guide
input-vlan-map (Dynamic Interfaces)
Syntax input-vlan-map {inner-tag-protocol-id tpid;inner-vlan-id number;(push | swap);tag-protocol-id tpid;vlan-id number;
}
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 10.4.
Description For dynamic interfaces, define the rewrite profile to be applied to incoming frames on
this logical interface.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Stacking and Rewriting VLAN Tags for the Layer 2Wholesale Solution on page 80
331Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
interface (DHCP Local Server)
Syntax interface interface-name {access-profile profile-name;exclude;overrides {asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match <option60-and-option82 | incoming-interface>;client-negotiation-match incoming-interface;interface-client-limit number;rapid-commit;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}
Hierarchy Level [edit system services dhcp-local-server group group-name],[edit system services dhcp-local-server dhcpv6 group group-name],[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server ...],
[edit logical-systems logical-system-name system services dhcp-local-server ...],[edit routing-instances routing-instance-name system services dhcp-local-server ...]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Options upto and exclude introduced in Junos OS Release 9.1.
Description Specify one or more interfaces, or a range of interfaces, that are within a specified group
on which the DHCP local server is enabled. You can repeat the interface interface-name
statement to specifymultiple interfaceswithin a group, but you cannot specify the same
interface in more than one group. Also, you cannot use an interface that is being used by
the DHCP relay agent.
NOTE: DHCP values are supported in integrated routing and bridging (IRB)configurations.Whenyouconfigurean IRB interface inanetwork that is usingDHCP, the DHCP information (for example, authentication, addressassignment, and so on) is propagated in the associated bridge domain. Thisenables the DHCP server to configure client IP addresses residing within thebridge domain. IRB currently supports only static DHCP configurations.
Options exclude—Exclude an interface or a range of interfaces from the group. This option and
the overrides option are mutually exclusive.
interface-name—Name of the interface. You can repeat this option multiple times.
Copyright © 2018, Juniper Networks, Inc.332
Broadband Subscriber ManagementWholesale Feature Guide
upto-interface-name—Upper end of the range of interfaces; the lower end of the range is
the interface-name entry. The interface device name of the upto-interface-name
must be the same as the device name of the interface-name.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Extended DHCP Local Server Overview
• Grouping Interfaces with Common DHCP Configurations
• Using External AAA Authentication Services with DHCP
333Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
interface (DHCP Relay Agent)
Syntax interface dhcp-interface-name {access-profile profile-name;exclude;overrides {allow-no-end-optionallow-snooped-clients;always-write-giaddr;always-write-option-82;asymmetric-lease-time seconds;asymmetric-prefix-lease-time seconds;client-discover-match <option60-and-option82 | incoming-interface>;client-negotiation-match incoming-interface;disable-relay;dual-stack dual-stack-group-name;interface-client-limit number;layer2-unicast-replies;no-allow-snooped-clients;proxy-mode;relay-sourcereplace-ip-source-with;send-release-on-delete;trust-option-82;
}service-profile dynamic-profile-name;trace;upto upto-interface-name;
}
Hierarchy Level [edit forwarding-options dhcp-relay dhcpv6 group group-name],[edit forwarding-options dhcp-relay group group-name],[edit logical-systems logical-system-name forwarding-options dhcp-relay ...],[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay ...],
[edit routing-instances routing-instance-name forwarding-options dhcp-relay ...]
Release Information Statement introduced in Junos OS Release 8.3.
Options upto and exclude introduced in Junos OS Release 9.1.
Support at the [edit ... dhcpv6] hierarchy levels introduced in Junos OS Release 11.4.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Specify one or more interfaces, or a range of interfaces, that are within a specified group
on which the DHCP or DHCPv6 relay agent is enabled. You can repeat the interface
interface-name statement to specify multiple interfaces within a group, but you cannot
specify the same interface in more than one group. Also, you cannot use an interface
that is being used by the DHCP local server. Use the statement at the [edit ... dhcpv6]
hierarchy levels to configure DHCPv6 support.
EX Series switches do not support DHCPv6.
Copyright © 2018, Juniper Networks, Inc.334
Broadband Subscriber ManagementWholesale Feature Guide
NOTE: DHCP values are supported in integrated routing and bridging (IRB)configurations.Whenyouconfigurean IRB interface inanetwork that is usingDHCP, the DHCP information (for example, authentication, addressassignment, and so on) is propagated in the associated bridge domain. Thisenables the DHCP server to configure client IP addresses residing within thebridge domain. IRB currently only supports static DHCP configurations. .
Options exclude—Exclude an interface or a range of interfaces from the group. This option and
the overrides option are mutually exclusive.
interface-name—Name of the interface. You can repeat this option multiple times.
overrides—Override the specified default configuration settings for the interface. The
overrides statement is described separately.
upto-interface-name—Upper end of the range of interfaces; the lower end of the range is
the interface-name entry. The interface device name of the upto-interface-name
must be the same as the device name of the interface-name.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Extended DHCP Relay Agent Overview
• Grouping Interfaces with Common DHCP Configurations
• Using External AAA Authentication Services with DHCP
335Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
interface (Dynamic Routing Instances)
Syntax interface interface-name;
Hierarchy Level [edit dynamic-profiles profile-namerouting-instances routing-instance-name]
Release Information Statement introduced in Junos OS Release 9.6.
Description Assign the specified interface to the dynamically created routing instance.
Options interface-name—The interface name variable ($junos-interface-name). The interface
name variable is dynamically replaced with the interface the accessing client uses
when connecting to the router.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
Copyright © 2018, Juniper Networks, Inc.336
Broadband Subscriber ManagementWholesale Feature Guide
interface (Routing Instances)
Syntax interface interface-name {description text;
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit routing-instances routing-instance-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.2 for EX Series switches.
Statement introduced in Junos OS Release 12.3 for ACX Series routers.
Statement introduced in Junos OS Release 13.2 for MX 3D Series routers.
Description Specify the interface over which the VPN traffic travels between the PE device and CE
device. You configure the interface on the PE device. If the value vrf is specified for the
instance-type statement included in the routing instance configuration, this statement
is required.
Options interface-name—Name of the interface.
The remaining statement is explained separately. See CLI Explorer.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Routing Instances on PE Routers in VPNs
• Configuring EVPN Routing Instances
• Configuring EVPN Routing Instances on EX9200 Switches
• interface (VPLS Routing Instances)
337Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
interface-mac-limit (VPLS)
Syntax interface-mac-limit limit {packet-action drop;
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls site site-name interfaces interface-name],
[edit routing-instances routing-instance-name protocols evpn],[edit routing-instances routing-instance-name protocols evpn interface interface-name],[edit routing-instances routing-instance-name protocols vpls site site-name interfacesinterface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Support for EVPNs introduced in Junos OS Release 13.2 on MX 3D Series routers.
Support for EVPNs introduced in Junos OS Release 14.2 on EX Series switches.
Description Specify the maximum number of media access control (MAC) addresses that can be
learned by the EVPN or VPLS routing instance. You can configure the same limit for all
interfaces configured for a routing instance. You can also configure a limit for a specific
interface.
Starting with Junos OS Release 12.3R4, if you do not configure the parameter to limit the
number of MAC addresses to be learned by a VPLS instance, the default value is not
effective. Instead, if you do not include the interface-mac-limit option at the [edit
logical-systems logical-system-name routing-instances routing-instance-name protocols
vpls site site-name interfaces interface-name], hierarchy level, this setting is not present
in the configuration with the default value of 1024 addresses. If you upgrade a router
running a Junos OS release earlier than Release 12.3R4 to Release 12.3R4 or later, you
must configure the interface-mac-limit option with a valid value for it to be saved in the
configuration.
Options limit—Number of MAC addresses that can be learned from each interface.
Range: 1 through 131,071 MAC addresses
NOTE: ForM120devicesonly, the range is 16 through65,536MACaddresses.
Default: 1024 addresses
The remaining statement is explained separately. See CLI Explorer.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
Configuring EVPN Routing Instances•
Copyright © 2018, Juniper Networks, Inc.338
Broadband Subscriber ManagementWholesale Feature Guide
• Configuring EVPN Routing Instances on EX9200 Switches
• Configuring VPLS Routing Instances
• interface
• mac-table-size
339Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
interfaces (Static and Dynamic Subscribers)
Syntax interfaces {interface-name {unit logical-unit-number {actual-transit-statistics;auto-configure {agent-circuit-identifier {dynamic-profile profile-name;
}line-identity {include {accept-no-ids;circuit-id;remote-id;
}dynamic-profile profile-name;
}}family family {access-concentrator name;address address;direct-connect;duplicate-protection;dynamic-profile profile-name;filter {adf {counter;input-precedence precedence;not-mandatory;output-precedence precedence;rule rule-value;
}input filter-name {precedence precedence;shared-name filter-shared-name;
}output filter-name {precedence precedence;shared-name filter-shared-name;
}}max-sessions number;max-sessions-vsa-ignore;rpf-check {mode loose;
}service {input {service-set service-set-name {service-filter filter-name;
}post-service-filter filter-name;
}
Copyright © 2018, Juniper Networks, Inc.340
Broadband Subscriber ManagementWholesale Feature Guide
output {service-set service-set-name {service-filter filter-name;
}}
}service-name-table table-nameshort-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds>;
unnumbered-address interface-name <preferred-source-address address>;}filter {input filter-name (precedence precedence;shared-name filter-shared-name;
}output filter-name {precedence precedence;shared-name filter-shared-name;
}}host-prefix-only;ppp-options {chap;pap;
}proxy-arp;service {pcef pcef-profile-name {activate rule-name | activate-all;
}}vlan-id;vlan-tags outer [tpid].vlan-id [inner [tpid].vlan-id];
}vlan-tagging;
}interface-set interface-set-name {interface interface-name {unit logical unit number {advisory-options {downstream-rate rate;upstream-rate rate;
}}
}pppoe-underlying-options {max-sessions number;
}}demux0 {unit logical-unit-number {demux-options {underlying-interface interface-name
}family family {
341Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
access-concentrator name;address address;direct-connect;duplicate-protection;dynamic-profile profile-name;demux-source {source-prefix;
}filter {input filter-name (precedence precedence;shared-name filter-shared-name;
}output filter-name {precedence precedence;shared-name filter-shared-name;
}}mac-validate (loose | strict):max-sessions number;max-sessions-vsa-ignore;rpf-check {fail-filter filter-name;mode loose;
}service-name-table table-nameshort-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds>;
unnumbered-address interface-name <preferred-source-address address>;}filter {input filter-name;output filter-name;
}vlan-id number;vlan-tags outer [tpid].vlan-id [inner [tpid].vlan-id];
}}pp0 {unit logical-unit-number {keepalives interval seconds;no-keepalives;pppoe-options {underlying-interface interface-name;server;
}ppp-options {aaa-options aaa-options-name;authentication [ authentication-protocols ];chap {challenge-lengthminimumminimum-lengthmaximummaximum-length;
}ignore-magic-number-mismatch;initiate-ncp (ip | ipv6 | dual-stack-passive)ipcp-suggest-dns-option;mru size;
Copyright © 2018, Juniper Networks, Inc.342
Broadband Subscriber ManagementWholesale Feature Guide
mtu (size | use-lower-layer);on-demand-ip-address;pap;peer-ip-address-optional;
}family inet {unnumbered-address interface-name;address address;service {input {service-set service-set-name {service-filter filter-name;
}post-service-filter filter-name;
}output {service-set service-set-name {service-filter filter-name;
}}
}filter {input filter-name {precedence precedence;shared-name filter-shared-name;
}output filter-name {precedence precedence;shared-name filter-shared-name;
}}
}}
}}
Hierarchy Level [edit dynamic-profiles profile-name]
Release Information Statement introduced in Junos OS Release 9.2.
Description Define interfaces for dynamic profiles.
343Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Options interface-name—The interfacevariable ($junos-interface-ifd-name). The interfacevariable
isdynamically replacedwith the interface theDHCPclientaccesseswhenconnecting
to the router.
NOTE: Thoughwedonot recommend it, youcanalsoenter thespecificnameof the interface you want to assign to the dynamic profile.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles
• Configuring Dynamic PPPoE Subscriber Interfaces
• Configuring Dynamic VLANs Based on Agent Circuit Identifier Information
• DHCP Subscriber Interface Overview
• Configuring Subscribers over Static Interfaces
• Demultiplexing Interface Overview
Copyright © 2018, Juniper Networks, Inc.344
Broadband Subscriber ManagementWholesale Feature Guide
interval (Flat-File Accounting Options)
Syntax intervalminutes;
Hierarchy Level [edit accounting-options flat-file-profile profile-name]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify the interval in minutes at which the Packet Forwarding Engine associated with
the interface is polled to collect the statistics specified in the flat-file accounting profile.
These interim accounting results are recorded in the flat file.
NOTE: The value configured with this statement is superseded by the valueconfigured with the update-interval statement at the [edit access profile
profile-name service accounting] hierarchy level. That access profile interval
value is in turn superseded by an update interval value configured in theRADIUS attribute, Service-Interim-Acct-Interval (VSA 26–140).
Options minutes—Polling interval.
Range: 1 through 2880minutes
Default: 15 minutes
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Configuring Service Accounting in Local Flat Files on page 193
• Flat-File Accounting Overview on page 181
345Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
instance-role
Syntax instance-role (access | nni);
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit routing-instances routing-instance-name]
Release Information Statement introduced in Junos OS Release 11.2.
Description Define the role of the routing instance in a Layer 2Wholesale network.
Options access—Defines the connectivity role of the routing instance in a Layer 2Wholesale
network as an access routing instance.When defined for this role, the same process
occurs as in a Layer 3Wholesale network—when the first packet is received from a
givenclient, authentication for theclient initiateswithanexternal entity (for example,
RADIUS). If authentication is successful, a logical interface is created with the
appropriate outer and inner VLAN tags for that client.
nni—Defines the connectivity role of the routing instance in a Layer 2Wholesale network
as a network to network interface (NNI) routing instance.When defined for this role,
only outer VLAN tags are learned. In addition,when theNNI routing instance receives
a response fromthe ISP, thepacketsare forwarded to theappropriate client, provided
the packet has the same two tags that were verified during authentication.
NOTE: If youconnectanaccessnodeorMSANdevice toa routerparticipatingin theLayer2Wholesalenetwork inanNNI role, youmustcreateanewroutinginstance of type l2backhaul-vpnwith an instance role of type access for that
connection.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringSeparateAccessRouting Instances for Layer 2WholesaleServiceRetailers
on page 86
• Configuring Separate NNI Routing Instances for Layer 2Wholesale Service Retailers
on page 89
• Subscriber Management Overview
Copyright © 2018, Juniper Networks, Inc.346
Broadband Subscriber ManagementWholesale Feature Guide
instance-type
Syntax instance-type type;
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit routing-instances routing-instance-name]
Release Information Statement introduced before Junos OS Release 7.4.
virtual-switch and layer2-control options introduced in Junos OS Release 8.4.
Statement introduced in Junos OS Release 9.2 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.
Statement introduced in Junos OS Release 12.3 for ACX Series routers.
mpls-internet-multicast option introduced in Junos OS Release 11.1 for the EX Series, M
Series, MX Series, and T Series.
evpn option introduced in Junos OS Release 13.2 for MX 3D Series routers.
evpn option introduced in Junos OS Release 17.3 for the QFX Series.
forwarding option introduced in Junos OS Release 14.2 for the PTX Series.
mpls-forwarding option introduced in Junos OS Release 16.1 for the MX Series.
evpn-vpws option introduced in Junos OS Release 17.1 for MX Series routers.
Support for logical systems on MX Series routers added in Junos OS Release 17.4R1.
Description Define the type of routing instance.
Options NOTE: On ACX Series routers, you can configure only the forwarding, virtualrouter, and VRF routing instances.
type—Can be one of the following:
• evpn—(MX3DSeries routers,QFXswitchesandEX9200switches)—EnableanEthernet
VPN (EVPN) on the routing instance.
hierarchy level.
• evpn-vpws—Enable an Ethernet VPN (EVPN) Virtual PrivateWire Service (VPWS) on
the routing instance.
• forwarding—Provide support for filter-based forwarding, where interfaces are not
associatedwith instances.All interfacesbelong to thedefault instance.Other instances
are used for populating RPD learned routes. For this instance type, there is no
one-to-onemappingbetweenan interfaceanda routing instance.All interfacesbelong
to the default instance inet.0.
• l2backhaul-vpn—Provide support for Layer 2 wholesale VLAN packets with no existing
corresponding logical interface. When using this instance, the router learns both the
outer tag and inner tag of the incoming packets, when the instance-role statement is
defined as access, or the outer VLAN tag only, when the instance-role statement is
defined as nni.
347Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• l2vpn—Enable a Layer 2 VPNon the routing instance. Youmust configure the interface,
route-distinguisher, vrf-import, and vrf-export statements for this type of routing
instance.
• layer2-control—(MXSeries routersonly)Provide support forRSTPorMSTP incustomer
edge interfaces of a VPLS routing instance. This instance type cannot be used if the
customeredge interface ismultihomed to twoprovider edge interfaces. If thecustomer
edge interface is multihomed to two provider edge interfaces, use the default BPDU
tunneling.
• mpls-forwarding—(MX Series routers only) Allow filtering and translation of route
distinguisher (RD)values in IPv4and IPv6VPNaddress familiesonboth routes received
and routes sent for selected BGP sessions. In particular, for Inter-AS VPNOption-B
networks, this option can prevent the malicious injection of VPN labels from one peer
AS boundary router to another.
• mpls-internet-multicast—(EX Series, M Series, MX Series, and T Series routers only)
Provide support for ingress replication provider tunnels to carry IP multicast data
between routers through an MPLS cloud, using MBGP or next-generation MVPN.
• no-forwarding—This is the default routing instance. Do not create a corresponding
forwarding instance. Use this routing instance type when a separation of routing table
information is required. There is no corresponding forwarding table. All routes are
installed into the default forwarding table. IS-IS instances are strictly nonforwarding
instance types.
• virtual-router—Enable a virtual router routing instance. This instance type is similar to
aVPNroutingand forwarding instance type, butused fornon-VPN-relatedapplications.
Youmust configure the interface statement for this type of routing instance. You do
not need to configure the route-distinguisher, vrf-import, and vrf-export statements.
• virtual-switch—(MXSeries routers, EX9200 switches, and QFX switches only) Provide
support for Layer 2 bridging. Use this routing instance type to isolate a LAN segment
with its Spanning Tree Protocol (STP) instance and to separate its VLAN identifier
space.
• vpls—Enable VPLS on the routing instance. Use this routing instance type for
point-to-multipoint LAN implementations between a set of sites in a VPN. Youmust
configure the interface, route-distinguisher, vrf-import, and vrf-export statements for
this type of routing instance.
• vrf—VPN routing and forwarding (VRF) instance. Provides support for Layer 3 VPNs,
where interface routes for each instance go into the corresponding forwarding table
only. Required to create a Layer 3 VPN. Create a VRF table (instance-name.inet.0) that
contains the routes originating from and destined for a particular Layer 3 VPN. For this
instance type, there is a one-to-onemapping between an interface and a routing
instance.EachVRF instancecorrespondswitha forwarding table.Routesonan interface
go into the corresponding forwarding table. Youmust configure the interface,
route-distinguisher, vrf-import, and vrf-export statements for this type of routing
instance.
Copyright © 2018, Juniper Networks, Inc.348
Broadband Subscriber ManagementWholesale Feature Guide
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Routing Instances on PE Routers in VPNs
• Configuring EVPN Routing Instances
• Configuring EVPN Routing Instances on EX9200 Switches
• OBSOLETE Configuring Virtual Router Routing Instances
• Example: Configuring Filter-Based Forwarding on the Source Address
• Example: Configuring Filter-Based Forwarding on Logical Systems
• vpws-service-id
ip-address-first
Syntax ip-address-first;
Hierarchy Level [edit logical-systems logical-system-name system services dhcp-local-serverpool-match-order],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server pool-match-order],
[edit routing-instances routing-instance-name system services dhcp-local-serverpool-match-order],
[edit system services dhcp-local-server pool-match-order]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Configure the extended DHCP local server to use the IP address method to determine
whichaddress-assignmentpool touse.The local serveruses the IPaddress in thegateway
IP address if one is present in the DHCP client PDU. If no gateway IP address is present,
the local server uses the IP address of the receiving interface to find the
address-assignment pool. The DHCP local server uses this method by default when no
method is explicitly specified.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringHowtheExtendedDHCPLocalServerDeterminesWhichAddress-Assignment
Pool to Use
• Extended DHCP Local Server Overview
• Address-Assignment Pools Overview
349Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
keepalives (Dynamic Profiles)
Syntax keepalives {interval seconds;}
Hierarchy Level [edit dynamic-profiles profile-name interfaces pp0 unit logical-unit-number ][edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”][edit dynamic-profiles profile-name interfaces "$junos-interface-ifd-name" unit“$junos-interface-unit”]
Release Information Statement introduced in Junos OS Release 9.5.
Support at the [edit dynamic-profiles profile-name interfaces pp0 unit
“$junos-interface-unit”] hierarchy level introduced in Junos OS Release 10.1.
Support at the [editdynamic-profilesprofile-name interfaces"$junos-interface-ifd-name"
unit “$junos-interface-unit”] hierarchy level introduced in Junos OS Release 12.2.
Description Specify the keepalive interval in a PPP dynamic profile.
Default Sending of keepalives is enabled by default.
Options interval seconds—The time in seconds between successive keepalive requests.
Range: 1 through 32767 seconds
Default: 30 seconds for LNS-basedPPP sessions. 10 seconds for all other PPP sessions.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Dynamic Profiles Overview
• Configuring Dynamic Authentication for PPP Subscribers
• Applying PPP Attributes to L2TP LNS Subscribers per Inline Service Interface
Copyright © 2018, Juniper Networks, Inc.350
Broadband Subscriber ManagementWholesale Feature Guide
l2-stats (Flat-File Accounting Options)
Syntax l2-stats {all-fields;input-mcast-bytes;input-mcast-packets;
}
Hierarchy Level [edit accounting-options flat-file-profile profile-name fields]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify the statistics to collect for the named flat-file-profile field.
Options all-fields—Collect all Layer 2 statistics for the named flat-file profile.
input-mcast-bytes—Collect multicast bytes from the input side for the named flat-file
profile.
input-mcast-packets—Collectmulticastpackets fromthe input side for thenamed flat-file
profile.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
351Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
mac-validate (Dynamic IP Demux Interface)
Syntax mac-validate (loose | strict);
Hierarchy Level [edit dynamic-profiles profile-name interfaces demux0 unit logical-unit-number family inet]
Release Information Statement introduced in Junos OS Release 9.3.
Description Enable IP and MAC address validation for dynamic IP demux interfaces in a dynamic
profile.
Options loose—Forwards incomingpacketswhenboth the IP source address and theMACsource
addressmatch one of the trusted address tuples. Drops packets when the IP source
address matches one of the trusted tuples, but the MAC address does not match
the MAC address of the tuple. Continues to forward incoming packets when the
source address of the incoming packet does not match any of the trusted IP
addresses.
strict—Forwards incoming packetswhenboth the IP source address and theMAC source
address match one of the trusted address tuples. Drops packets when the MAC
address does notmatch the tuple's MAC source address, or when IP source address
of the incoming packet does not match any of the trusted IP addresses.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring MAC Address Validation for Subscriber Interfaces
Copyright © 2018, Juniper Networks, Inc.352
Broadband Subscriber ManagementWholesale Feature Guide
multicast-replication
Syntax multicast-replication {ingress;local-latency-fairness;
}
Hierarchy Level [edit forwarding-options]
Release Information Statement introduced in Junos OS Release 15.1 for MX Series routers.
Description Configure the mode of multicast replication that helps to optimize multicast latency.
NOTE: Themulticast-replication statement is supported only on platforms
with the enhanced-ipmode enabled.
Default This statement is disabled by default.
Options ingress—Complete ingress replication of themulticast data packets where all the egress
Packet Forwarding Engines receive packets from the ingress Packet Forwarding
Engines directly.
local-latency-fairness—Complete parallel replication of the multicast data packets.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• forwarding-options on page 316
353Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
neighbor (Define ANCP)
Syntax neighbor ip-address {adjacency-loss-hold-time seconds;adjacency-timer;auto-configure-trigger interface interface-name;ietf-mode;maximum-discovery-table-entries entry-number;pre-ietf-mode;
}
Hierarchy Level [edit protocols ancp]
Release Information Statement introduced in Junos OS Release 9.4.
Description ConfigureanANCPneighborwithwhich theANCPagenton the router formsanadjacency
for reporting and shaping traffic.
Options ip-address—IP address of the ANCP neighbor.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring the ANCP Agent
• Configuring ANCP Neighbors on page 169
Copyright © 2018, Juniper Networks, Inc.354
Broadband Subscriber ManagementWholesale Feature Guide
no-local-switching
Syntax no-local-switching
Hierarchy Level [edit vlans vlan-name]
Release Information Statement introduced in Junos OS Release 9.3 for EX Series switches.
Statement introduced in Junos OS Release 12.1 for the QFX Series.
Description Specify that access ports in this VLANdomain do not forward packets to each other. You
use this statement with primary VLANs and isolated secondary VLANs.
Required PrivilegeLevel
system—To view this statement in the configuration.
system–control—To add this statement to the configuration.
routing—To view this statement in the configuration.
routing–control—To add this statement to the configuration.
RelatedDocumentation
• Creating a Private VLAN on a Single QFX Switch
• Creating a Private VLAN Spanning Multiple QFX Series Switches
355Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
no-tunnel-services
Syntax no-tunnel-services;
Hierarchy Level [edit logical-systems logical-system-name protocols vpls static-vpls],[edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls],
[edit protocols vpls static-vpls],[edit routing-instances routing-instance-name protocols vpls]
Release Information Statement introduced in Junos OS Release 7.6.
Support for static VPLS added in Junos OS Release 10.2.
Description Configure VPLS on a router without a Tunnel Services PIC. Configuring the
no-tunnel-services statement creates a label-switched interface (LSI) to provide VPLS
functionality. An LSI MPLS label is used as the inner label for VPLS. This label maps to
a VPLS routing instance. On the PE router, the LSI label is stripped and thenmapped to
a logical LSI interface. TheLayer 2Ethernet frame is then forwardedusing theLSI interface
to the correct VPLS routing instance.
NOTE: In VPLS documentation, the word Router in terms such as PR Routeris used to refer to any device that provides routing functions.
NOTE:
OnMX Series routers, label-switched interfaces configured with theno-tunnel-services statement are not supported with GRE tunnels when the
GRE interface resides on a DPC.
NOTE: Although visible in the CLI, the no-tunnel-services statement is not
supported on DPC cards at the [edit logical-systems logical-system-name
protocols vpls static-vpls] and the [edit logical-systems logical-system-name
routing-instances routing-instance-name protocols vpls] hierarchy levels.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
Configuring VPLSWithout a Tunnel Services PIC•
• Configuring Static Pseudowires for VPLS
Copyright © 2018, Juniper Networks, Inc.356
Broadband Subscriber ManagementWholesale Feature Guide
• Configuring EXP-Based Traffic Classification for VPLS
maximum-lease-time
Syntax maximum-lease-time seconds;
Hierarchy Level [edit access address-assignment pool pool-name family (inet | inet6) dhcp-attributes],[edit access protocol-attributes attribute-set-name]
Release Information Statement introduced in Junos OS Release 9.0.
Description Specify the maximum length of time, in seconds, that the lease is held for a client if the
client does not renew the lease. This is equivalent to DHCP option 51. The
maximum-lease-time is mutually exclusive with both the preferred-lifetime and the
valid-lifetime, and cannot be configured with either timer.
Options seconds—Maximum number of seconds the lease can be held.
Range: 30 through 4,294,967,295 seconds
Default: 86,400 (24 hours)
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Address-Assignment Pools
• DHCP Attributes for Address-Assignment Pools
• preferred-lifetime (Address-Assignment Pools)
• valid-lifetime (Address-Assignment Pools)
357Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
overall-packet (Flat-File Accounting Options)
Syntax overall-packet {all-fields;input-bytes;input-discards;input-errors;input-packets;inputv6-bytes;inputv6-packets;output-bytes;output-errors;output-packets;outputv6-bytes;outputv6-packets;
}
Hierarchy Level [edit accounting-options flat-file-profile profile-name fields]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify overall packet statistics to be collected for the interface.
Options all-fields—Collect all overall packet statistics available for the interface context, logicalor physical.
input-bytes—Collect the number of octets received on the interface.
input-discards—(Physical interfaces only ) Collect the number of received packets thatwere discarded on the interface.
input-errors—(Physical interfacesonly )Collect thenumberof frameswitherrors receivedon the interface.
input-packets—Collect the number of packets received on the interface.
input-v6-bytes—Collect the number of IPv6 octets received on the interface.
input-v6-packets—Collect the number of IPv6 packets received on the interface.
output-bytes—Collect the number of octets transmitted on the interface.
output-errors—(Physical interfaces only ) Collect the number of frames that could notbe transmitted on the interface because of errors.
output-packets—Collect the number of packets transmitted on the interface.
output-v6-bytes—Collect the number of IPv6 octets transmitted on the interface.
output-v6-packets—Collect the number of IPv6 packets transmitted on the interface.
Copyright © 2018, Juniper Networks, Inc.358
Broadband Subscriber ManagementWholesale Feature Guide
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
output-vlan-map (Dynamic Interfaces)
Syntax output-vlan-map {inner-tag-protocol-id tpid;inner-vlan-id number;(pop | swap);tag-protocol-id tpid;vlan-id number;
}
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 10.4.
Description For dynamic interfaces, define the rewrite profile to be applied to outgoing frames on
this logical interface.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Stacking and Rewriting VLAN Tags for the Layer 2Wholesale Solution on page 80
359Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
pap (Dynamic PPP)
Syntax pap;
Hierarchy Level [editdynamic-profilesprofile-name interfacespp0unit “$junos-interface-unit”ppp-options],[edit dynamic-profiles profile-name interfaces "$junos-interface-ifd-name" unit“$junos-interface-unit” ppp-options]
Release Information Statement introduced in Junos OS Release 9.5.
Support at the [editdynamic-profilesprofile-name interfaces"$junos-interface-ifd-name"
unit “$junos-interface-unit” ppp-options] hierarchy level introduced in Junos OS Release
12.2.
Description Specify PAP authentication in a PPP dynamic profile.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Dynamic Profiles Overview
• Configuring Dynamic Authentication for PPP Subscribers
• Attaching Dynamic Profiles to Static PPP Subscriber Interfaces
• Applying PPP Attributes to L2TP LNS Subscribers per Inline Service Interface
Copyright © 2018, Juniper Networks, Inc.360
Broadband Subscriber ManagementWholesale Feature Guide
pool (Address-Assignment Pools)
Syntax pool pool-name {active-drain;family family {dhcp-attributes {[ protocol-specific attributes ]
}excluded-address ip-address;excluded-range name lowminimum-value highmaximum-value;host hostname {hardware-addressmac-address;ip-address ip-address;
}network ip-prefix/<prefix-length>;prefix ipv6-prefix;range range-name {high upper-limit;low lower-limit;prefix-length prefix-length;
}}hold-down;link pool-name;linked-pool-aggregation;
}
Hierarchy Level [edit access address-assignment]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Configure the name of an address-assignment pool.
NOTE: Subordinate statement support depends on the platform. Seeindividual statement topics for more detailed support information.
Options pool-name—Name assigned to the address-assignment pool.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Address-Assignment Pools Overview
• Configuring Address-Assignment Pools
361Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
pool-match-order
Syntax pool-match-order {external-authority;ip-address-first;option-82;
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server],
[edit logical-systems logical-system-name system services dhcp-local-server],[edit routing-instances routing-instance-name system services dhcp-local-server],[edit system services dhcp-local-server]
Release Information Statement introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 12.1.
Description Configure the order in which the DHCP local server uses information in the DHCP client
PDU to determine how to obtain an address for the client.
The remaining statements are explained separately. See CLI Explorer.
Default DHCP local server uses the ip-address-firstmethod to determine which address pool to
use.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringHowtheExtendedDHCPLocalServerDeterminesWhichAddress-Assignment
Pool to Use
• Extended DHCP Local Server Overview
Copyright © 2018, Juniper Networks, Inc.362
Broadband Subscriber ManagementWholesale Feature Guide
pop (Dynamic VLANs)
Syntax pop;
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-numberoutput-vlan-map]
Release Information Statement introduced in Junos OS Release 10.4.
Description For dynamic VLAN interfaces, specify the VLAN rewrite operation to remove a VLAN tag
from the top of the VLAN tag stack. The outer VLAN tag of the frame is removed.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Removing a VLAN Tag
• Stacking and Rewriting VLAN Tags for the Layer 2Wholesale Solution on page 80
pppoe-options (Dynamic PPPoE)
Syntax pppoe-options {underlying-interface interface-name;server;
}
Hierarchy Level [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”]
Release Information Statement introduced in Junos OS Release 10.1.
Description Configure the underlying interface and PPPoE server mode for a dynamic PPPoE logical
interface in a dynamic profile.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a PPPoE Dynamic Profile
• Configuring Dynamic PPPoE Subscriber Interfaces
363Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
pppoe-underlying-options (Static and Dynamic Subscribers)
Syntax pppoe-underlying-options {access-concentrator name;dynamic-profile profile-name;direct-connectduplicate-protection;max-sessions number;max-sessions-vsa-ignore;service-name-table table-name;short-cycle-protection <lockout-time-minminimum-seconds> <lockout-time-maxmaximum-seconds> <filter [aci]>;
}
Hierarchy Level [edit interfaces interface-name unit logical-unit-number],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-number]
Release Information Statement introduced in Junos OS Release 10.0.
Description Configure PPPoE-specific interface properties for the underlying interface on which the
router creates a static or dynamic PPPoE logical interface. The underlying interfacemust
be configured with PPPoE (ppp-over-ether) encapsulation.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring PPPoE (for static interfaces)
• Configuring an Underlying Interface for Dynamic PPPoE Subscriber Interfaces
• Assigning a Service Name Table to a PPPoE Underlying Interface
Copyright © 2018, Juniper Networks, Inc.364
Broadband Subscriber ManagementWholesale Feature Guide
ppp-options (Dynamic PPP)
Syntax ppp-options {aaa-options aaa-options-name;authentication [ authentication-protocols ];chap {challenge-lengthminimumminimum-lengthmaximummaximum-length;
}ignore-magic-number-mismatch;initiate-ncp (ip | ipv6 | dual-stack-passive)ipcp-suggest-dns-option;mru size;mtu (size | use-lower-layer);on-demand-ip-address;pap;peer-ip-address-optional;
}
Hierarchy Level [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”],[edit dynamic-profiles profile-name interfaces "$junos-interface-ifd-name" unit“$junos-interface-unit”]
Release Information Statement introduced in Junos OS Release 9.5.
Support at the [editdynamic-profilesprofile-name interfaces"$junos-interface-ifd-name"
unit “$junos-interface-unit”] hierarchy level introduced in Junos OS Release 12.2.
Description Configure PPP-specific interface properties in a dynamic profile.
The remaining statements are explained separately. See CLI Explorer.
NOTE:
PPP options can also be configured in a group profile with the ppp-options
(L2TP)statement.Thefollowingbehaviordetermines the interactionbetween
thePPPoptionsconfigured inagroupprofile and thePPPoptionsconfiguredin a dynamic profile:
• WhenPPPoptionsareconfiguredonly in thegroupprofile, thegroupprofileoptions are applied to the subscriber.
• When PPP options are configured in both a group profile and a dynamicprofile, the dynamic profile configuration takes complete precedence overthegroupprofilewhen thedynamicprofile includesoneormoreof thePPPoptions that can be configured in the group profile. Complete precedencemeans that there is nomerging of options between the profiles. The groupprofile is applied to the subscriber only when the dynamic profile does notinclude any PPP option available in the group profile.
365Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Dynamic Profiles Overview
• Configuring a PPPoE Dynamic Profile
• Configuring Dynamic Authentication for PPP Subscribers
• Attaching Dynamic Profiles to Static PPP Subscriber Interfaces
• Applying PPP Attributes to L2TP LNS Subscribers per Inline Service Interface
prefix (Address-Assignment Pools)
Syntax prefix ipv6-prefix;
Hierarchy Level [edit access address-assignment pool pool-name family inet6]
Release Information Statement introduced in Junos OS Release 10.0.
Statement introduced in Junos OS Release 12.3 for EX Series switches.
Description Specify the IPv6prefix for the IPv6address-assignmentpool.This statement ismandatory
for IPv6 address-assignment pools.
Options ipv6-prefix—The IPv6 prefix.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Address-Assignment Pools Overview
• Configuring Address-Assignment Pools
Copyright © 2018, Juniper Networks, Inc.366
Broadband Subscriber ManagementWholesale Feature Guide
profile (Access)
Syntax profile profile-name {accounting {address-change-immediate-updateaccounting-stop-on-access-deny;accounting-stop-on-failure;ancp-speed-change-immediate-update;coa-immediate-update;coa-no-override service-class-attribute;duplication;duplication-filter;duplication-vrf {access-profile-name profile-name;vrf-name vrf-name;
}immediate-update;order [ accounting-method ];send-acct-status-on-config-change;statistics (time | volume-time);update-intervalminutes;wait-for-acct-on-ack;
}accounting-order (radius | [accounting-order-data-list]);authentication-order [ authentication-methods ];client client-name {chap-secret chap-secret;group-profile profile-name;ike {allowed-proxy-pair {remote remote-proxy-address local local-proxy-address;
}pre-shared-key (ascii-text character-string | hexadecimal hexadecimal-digits);ike-policy policy-name;interface-id string-value;
}l2tp {aaa-access-profile profile-name;interface-id interface-id;lcp-renegotiation;local-chap;maximum-sessions number;maximum-sessions-per-tunnel number;multilink {drop-timeoutmilliseconds;fragment-threshold bytes;
}override-result-code session-out-of-resource;ppp-authentication (chap | pap);ppp-profile profile-name;service-profile profile-name(parameter)&profile-name;sessions-limit-group limit-group-name;shared-secret shared-secret;
}
367Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
pap-password pap-password;ppp {cell-overhead;encapsulation-overhead bytes;framed-ip-address ip-address;framed-pool framed-pool;idle-timeout seconds;interface-id interface-id;keepalive seconds;primary-dns primary-dns;primary-wins primary-wins;secondary-dns secondary-dns;secondary-wins secondary-wins;
}user-group-profile profile-name;
}domain-name-server;domain-name-server-inet;domain-name-server-inet6;local {flat-file-profile profile-name;
}preauthentication-order preauthentication-method;provisioning-order (gx-plus | jsrc | pcrf);radius {accounting-server [ ip-address ];attributes {exclude {attribute-name packet-type;standard-attribute number {packet-type [ access-request | accounting-off | accounting-on | accounting-start| accounting-stop ];
}vendor-id id-number {vendor-attribute vsa-number {packet-type[access-request | accounting-off | accounting-on |accounting-start| accounting-stop ];
}}
}ignore {dynamic-iflset-name;framed-ip-netmask;idle-timeout;input-filter;logical-system:routing-instance;output-filter;session-timeout;standard-attribute number;vendor-id id-number {vendor-attribute vsa-number;
}}
}authentication-server [ ip-address ];options {
Copyright © 2018, Juniper Networks, Inc.368
Broadband Subscriber ManagementWholesale Feature Guide
accounting-session-id-format (decimal | description);calling-station-id-delimiter delimiter-character;calling-station-id-format {agent-circuit-id;agent-remote-id;interface-description;interface-text-description;mac-address;nas-identifier;stacked-vlan;vlan;
}chap-challenge-in-request-authenticator;client-accounting-algorithm (direct | round-robin);client-authentication-algorithm (direct | round-robin);coa-dynamic-variable-validation;ethernet-port-type-virtual;interface-description-format {exclude-adapter;exclude-channel;exclude-sub-interface;
}juniper-dsl-attributes;nas-identifier identifier-value;nas-port-extended-format {adapter-widthwidth;ae-widthwidth;port-widthwidth;pw-widthwidth;slot-widthwidth;stacked-vlan-widthwidth;vlan-widthwidth;atm {adapter-widthwidth;port-widthwidth:slot-widthwidth;vci-widthwidth:vpi-widthwidth;
}}nas-port-id-delimiter delimiter-character;nas-port-id-format {agent-circuit-id;agent-remote-id;interface-description;interface-text-description;nas-identifier;order {agent-circuit-id;agent-remote-id;interface-description;interface-text-description;nas-identifier;postpend-vlan-tags;
}postpend-vlan-tags;
369Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}nas-port-type {ethernet {port-type;
}}revert-interval interval;service-activation {dynamic-profile (optional-at-login | required-at-login);extensible-service (optional-at-login | required-at-login);
}vlan-nas-port-stacked-format;
}preauthentication-server ip-address;
}radius-server server-address {accounting-port port-number;accounting-retry number;accounting-timeout seconds;dynamic-request-portport port-number;preauthentication-port port-number;preauthentication-secret password;retry attempts;routing-instance routing-instance-name;secret password;max-outstanding-requests value;source-address source-address;timeout seconds;
}service {accounting {statistics (time | volume-time);update-intervalminutes;
}accounting-order (activation-protocol | local | radius);
}session-options {client-idle-timeoutminutes;client-idle-timeout-ingress-only;client-session-timeoutminutes;strip-user-name {delimiter [ delimiter ];parse-direction (left-to-right | right-to-left);
}}
}
Hierarchy Level [edit access]
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure PPP CHAP, or a profile and its subscriber access, L2TP, or PPP properties.
Copyright © 2018, Juniper Networks, Inc.370
Broadband Subscriber ManagementWholesale Feature Guide
Options profile-name—Name of the profile.
For CHAP, the name serves as the mapping between peer identifiers and CHAP secret
keys. This entity is queried for the secret keywhenever aCHAPchallengeor response
is received.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring the PPP Authentication Protocol
• Configuring Access Profiles for L2TP or PPP Parameters
• Configuring L2TP Properties for a Client-Specific Profile
• Configuring an L2TP Access Profile on the LNS
• Configuring an L2TP LNS with Inline Service Interfaces
• Configuring PPP Properties for a Client-Specific Profile
• Configuring Service Accounting with JSRC
• Configuring Service Accounting in Local Flat Files on page 193
• AAA Service Framework Overview
371Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
protocols
Syntax protocols {bgp {... bgp-configuration ...
}isis {... isis-configuration ...
}ldp {... ldp-configuration ...
}mpls {...mpls -configuration ...
}msdp {...msdp-configuration ...
}mstp {...mstp-configuration ...
}ospf {domain-id domain-id;domain-vpn-tag number;route-type-community (iana | vendor);traffic-engineering {<advertise-unnumbered-interfaces>;<credibility-protocol-preference>;ignore-lsp-metrics;multicast-rpf-routes;no-topology;shortcuts {lsp-metric-into-summary;
}}... ospf-configuration ...
}ospf3 {domain-id domain-id;domain-vpn-tag number;route-type-community (iana | vendor);traffic-engineering {<advertise-unnumbered-interfaces>;<credibility-protocol-preference>;ignore-lsp-metrics;multicast-rpf-routes;no-topology;shortcuts {lsp-metric-into-summary;
}}... ospf3-configuration ...
}pim {
Copyright © 2018, Juniper Networks, Inc.372
Broadband Subscriber ManagementWholesale Feature Guide
... pim-configuration ...}rip {... rip-configuration ...
}ripng {... ripng-configuration ...
}rstp {rstp-configuration;
}rsvp{... rsvp-configuration ...
}vstp {vstp configuration;
}vpls {vpls configuration;
}}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit routing-instances routing-instance-name]
Release Information Statement introduced before Junos OS Release 7.4.
Support for RIPng introduced in Junos OS Release 9.0.
Statement introduced in Junos OS Release 11.1 for EX Series switches.
Statement introduced in Junos OS Release 11.3 for the QFX Series.
mpls and rsvp options added in Junos OS Release 15.1.
Statement introduced in Junos OS Release 14.1X53-D20 for the OCX Series.
Description Specify the protocol for a routing instance. You can configuremultiple instances ofmany
protocol types. Not all protocols are supported on the switches. See the switch CLI.
373Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Options bgp—Specify BGP as the protocol for a routing instance.
isis—Specify IS-IS as the protocol for a routing instance.
ldp—Specify LDP as the protocol for a routing instance or for a virtual router instance.
l2vpn—Specify Layer 2 VPN as the protocol for a routing instance.
mpls—Specify MPLS as the protocol for a routing instance.
msdp—Specify the Multicast Source Discovery Protocol (MSDP) for a routing instance.
mstp—Specify the Multiple Spanning Tree Protocol (MSTP) for a virtual switch routing
instance.
ospf—Specify OSPF as the protocol for a routing instance.
ospf3—Specify OSPF version 3 (OSPFv3) as the protocol for a routing instance.
NOTE: OSPFv3 supports the no-forwarding, virtual-router, and vrf routing
instance types only.
pim—Specify the Protocol Independent Multicast (PIM) protocol for a routing instance.
rip—Specify RIP as the protocol for a routing instance.
ripng—Specify RIP next generation (RIPng) as the protocol for a routing instance.
rstp—Specify the Rapid Spanning Tree Protocol (RSTP) for a virtual switch routing
instance.
rsvp—Specify the RSVP for a routing instance.
vstp—Specify the VLAN Spanning Tree Protocol (VSTP) for a virtual switch routing
instance.
vpls—Specify VPLS as the protocol for a routing instance.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Example: Configuring Multiple Routing Instances of OSPF
Copyright © 2018, Juniper Networks, Inc.374
Broadband Subscriber ManagementWholesale Feature Guide
proxy-arp
Syntax proxy-arp (restricted | unrestricted);
Hierarchy Level [edit interfaces interface-name unit logical-unit-number],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-number]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.6 for EX Series switches.
restricted added in Junos OS Release 10.0 for EX Series switches.
Statement introduced in Junos OS Release 12.2 for the QFX Series.
Description ForEthernet interfacesonly, configure the router or switch to respond toanyARP request,
as long as the router or switch has an active route to the ARP request’s target address.
NOTE: Youmust configure the IPaddressand the inet family for the interface
when you enable proxy ARP.
Default Proxy ARP is not enabled. The router or switch responds to an ARP request only if the
destination IP address is its own.
Options • none—The router or switch responds to any ARP request for a local or remote address
if the router or switch has a route to the target IP address.
• restricted—(Optional) The router or switch responds to ARP requests in which the
physical networks of the source and target are different and does not respond if the
source and target IP addresses are in the same subnet. The router or switchmust also
have a route to the target IP address.
• unrestricted—(Optional) The router or switch responds to any ARP request for a local
or remote address if the router or switch has a route to the target IP address.
Default: unrestricted
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Restricted and Unrestricted Proxy ARP
• Configuring Proxy ARP on Switches (CLI Procedure)
• Example: Configuring Proxy ARP on an EX Series Switch
• Configuring Gratuitous ARP
375Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
proxy-arp (Dynamic Profiles)
Syntax proxy-arp;
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 9.5.
Description For Ethernet interfaces only, configure the router to respond to any ARP request, as long
as the router has an active route to the target address of the ARP request.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Restricted and Unrestricted Proxy ARP
• Configuring Gratuitous ARP
push (Dynamic VLANs)
Syntax push;
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-numberinput-vlan-map]
Release Information Statement introduced in Junos OS Release 10.4.
Description For dynamic VLAN interfaces, specify the VLAN rewrite operation to add a new VLAN
tag to the top of the VLAN stack. An outer VLAN tag is pushed in front of the existing
VLAN tag. If you include the push statement in the configuration, youmust also include
the pop statement at the [edit dynamic-profiles profile-name interfaces interface-name
unit logical-unit-number output-vlan-map] hierarchy level.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Stacking and Rewriting VLAN Tags for the Layer 2Wholesale Solution on page 80
Copyright © 2018, Juniper Networks, Inc.376
Broadband Subscriber ManagementWholesale Feature Guide
push-backup-to-master (Accounting Options)
Syntax push-backup-to-master;
Hierarchy Level [edit accounting-options file filename]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Configure the router to save the accounting files from the new backup Routing Engine
to the newmaster Routing Engine when a change in mastership occurs. The files are
saved to the /var/log/pfedBackup directory on the router. Themaster Routing Engine
includes these accounting files with its own current accounting files when it transfers
the files from the backup directory to the archive site at the next transfer interval. Use
this statementwhen the newbackupRouting Engine is not able to connect to the archive
site; for example, when site is not connected bymeans of an out-of-band interface or
the path to the site is routed through a line card.
NOTE: The backup Routing Engine’s files on themaster Routing Engine aresent at each interval even though the files remain the same. If this is moreactivity thanyouwant, considerusing thebackup-on-failuremaster-and-slave
statement instead.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Accounting-Data Log Files
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
377Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
radius (Access Profile)
Syntax radius {accounting-server [ ip-address ];attributes {excludeattribute-name packet-type;standard-attribute number {packet-type [ access-request | accounting-off | accounting-on | accounting-start |accounting-stop ];
}vendor-id id-number {vendor-attribute vsa-number {packet-type [ access-request | accounting-off | accounting-on | accounting-start| accounting-stop ];
}}
}ignore {dynamic-iflset-name;framed-ip-netmask;idle-timeout;input-filter;logical-system-routing-instance;output-filter;session-timeout;standard-attribute number;vendor-id id-number {vendor-attribute vsa-number;
}}
}authentication-server [ ip-address ];options {accounting-session-id-format (decimal | description);calling-station-id-delimiter delimiter-character;calling-station-id-format {agent-circuit-id;agent-remote-id;interface-description;nas-identifier;
}chap-challenge-in-request-authenticator;client-accounting-algorithm (direct | round-robin);client-authentication-algorithm (direct | round-robin);coa-dynamic-variable-validation;ethernet-port-type-virtual;interface-description-format {exclude-adapter;exclude-channel;exclude-sub-interface;
}ip-address-change-notifymessage;juniper-dsl-attributes;
Copyright © 2018, Juniper Networks, Inc.378
Broadband Subscriber ManagementWholesale Feature Guide
nas-identifier identifier-value;nas-port-extended-format {adapter-widthwidth;ae-widthwidth;port-widthwidth;slot-widthwidth;stacked-vlan-widthwidth;vlan-widthwidth;atm {adapter-widthwidth;port-widthwidth:slot-widthwidth;vci-widthwidth:vpi-widthwidth;
}}nas-port-id-delimiter delimiter-character;nas-port-id-format {agent-circuit-id;agent-remote-id;interface-description;interface-text-description;nas-identifier;order {agent-circuit-id;agent-remote-id;interface-description;interface-text-description;nas-identifier;postpend-vlan-tags;
}postpend-vlan-tags;
}nas-port-type {ethernet {port-type;
}}revert-interval interval;service-activation {dynamic-profile (optional-at-login | required-at-login);extensible-service (optional-at-login | required-at-login);
}vlan-nas-port-stacked-format;
}preauthentication-server ip-address;
}
Hierarchy Level [edit access profile profile-name]
Release Information Statement introduced in Junos OS Release 9.1.
Statement introduced in Junos OS Release 9.1 for EX Series switches.
379Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Description Configure the RADIUS parameters that the router uses for AAA authentication and
accounting for subscribers.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring RADIUS Server Parameters for Subscriber Access
• RADIUS Server Options for Subscriber Access
Copyright © 2018, Juniper Networks, Inc.380
Broadband Subscriber ManagementWholesale Feature Guide
radius-server
Syntax radius-server server-address {accounting-port port-number;accounting-retry number;accounting-timeout seconds;dynamic-request-portmax-outstanding-requests value;port port-number;preauthentication-port port-number;preauthentication-secret password;retry attempts;routing-instance routing-instance-name;secret password;source-address source-address;timeout seconds;
}
Hierarchy Level [edit access],[edit access profile profile-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
dynamic-request-port option added in Junos OS Release 14.2 for MX Series routers.
preauthentication-port and preauthentication-secret options added in Junos OS Release
15.1 for MX Series routers.
Support for IPv6 server-address introduced in Junos OS Release 16.1.
Description Configure RADIUS for subscriber access management, L2TP, or PPP.
To configure multiple RADIUS servers, includemultiple radius-server statements. The
servers are tried in order and in a round-robin fashion until a valid response is received
from one of the servers or until all the configured retry limits are reached.
Options server-address—IPv4 or IPv6 address of the RADIUS server.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
Configuring RADIUS Authentication for L2TP•
• Configuring the PPP Authentication Protocol
• Configuring Router or Switch Interaction with RADIUS Servers
• Configuring Authentication and Accounting Parameters for Subscriber Access
• show network-access aaa statistics on page 647
381Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• clear network-access aaa statistics
range (Address-Assignment Pools)
Syntax range range-name {high upper-limit;low lower-limit;prefix-length prefix-length;
}
Hierarchy Level [edit access address-assignment pool pool-name family (inet | inet6)]
Release Information Statement introduced in Junos OS Release 9.0.
IPv6 support introduced in Junos OS Release 10.0.
Statement introduced in Junos OS Release 12.3 for EX Series switches.
Description Configure a named range of IPv4 addresses or IPv6 prefixes, used within an
address-assignment pool.
Options high upper-limit—Upper limit of an address range or IPv6 prefix range.
low lower-limit—Lower limit of an address range or IPv6 prefix range.
prefix-length prefix-length—Assigned length of the IPv6 prefix.
range-name—Name assigned to the range of IPv4 addresses or IPv6 prefixes.
Required PrivilegeLevel
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a Named Address Range for Dynamic Address Assignment
• Address-Assignment Pools Overview
• Configuring Address-Assignment Pools
Copyright © 2018, Juniper Networks, Inc.382
Broadband Subscriber ManagementWholesale Feature Guide
ranges (Dynamic VLAN)
Syntax ranges (any | low-tag)-(any | high-tag);
Hierarchy Level [edit interfaces interface-name auto-configure vlan-ranges dynamic-profile profile-name]
Release Information Statement introduced in Junos OS Release 9.5.
Description Configure VLAN ranges for dynamic, auto-sensed VLANs.
Options any—The entire VLAN range.
low-tag—The lower limit of the VLAN range.
high-tag—The upper limit of the VLAN range.
Range: 1 through 4094
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an Interface to Use the Dynamic Profile Configured to Create Single-Tag
VLANs
383Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
remote-id (VLANAuthentication Username)
Syntax remote-id;
Hierarchy Level [edit interfaces interface-nameauto-configurevlan-rangesauthenticationusername-include]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Include the agent remote identifier (ARI) in the username sent to RADIUS for
authenticationof thedynamicVLAN.TheARI is conveyedby theAccess-Loop-Remote-ID
TLV in an out-of-band ANCP Port Upmessage.
NOTE: This statement is not supported for stacked VLANs.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a Username for Authentication of Out-of-Band Triggered Dynamic VLANs
on page 172
• Configuring VLAN Interface Username Information for AAA Authentication
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
Copyright © 2018, Juniper Networks, Inc.384
Broadband Subscriber ManagementWholesale Feature Guide
route-distinguisher
Syntax route-distinguisher (as-number:id | ip-address:id);
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsl2vpnmesh-groupmesh-group-name],
[edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls mesh-groupmesh-group-name],
[edit routing-instances routing-instance-name],[edit routing-instances routing-instance-name protocols l2vpnmesh-groupmesh-group-name],
[edit routing-instances routing-instance-nameprotocolsvplsmesh-groupmesh-group-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for EX Series switches.
Support at [edit routing-instances routing-instance-name protocols vplsmesh-group
mesh-group-name] hierarchy level introduced in Junos OS Release 11.2.
Statement introduced in Junos OS Release 12.3 for ACX Series routers.
Support at [edit routing-instances routing-instance-name protocols l2vpnmesh-group
mesh-group-name] hierarchy level introduced in Junos OS Release 13.2.
Statement introduced in Junos OS Release 14.1X53-D30 for QFX Series switches.
Description Specify an identifier attached to a route, enabling you to distinguish to which VPN or
virtual private LAN service (VPLS) the route belongs. Each routing instancemust have
a unique route distinguisher (RD) associated with it. The RD is used to place bounds
aroundaVPNso that the same IP address prefixes canbeused in different VPNswithout
having them overlap. If the instance type is vrf, the route-distinguisher statement is
required.
For Layer 2VPNsandVPLS, if youconfigure the l2vpn-use-bgp-rules statement, youmust
configure a unique RD for each PE router participating in the routing instance.
For other types of VPNs,we recommend that you use a uniqueRD for each provider edge
(PE) router participating in specific routing instance. Although you can use the same RD
on all PE routers for the same VPN routing instance, if you use a unique RD, you can
determine the customer edge (CE) router fromwhich a route originated within the VPN.
For Layer 2 VPNs and VPLSs, if you configure mesh groups, the RD in eachmesh group
must be unique.
CAUTION: Westrongly recommendthat if youchangeanRDthathasalreadybeenconfigured,make thechangeduringamaintenancewindow,as follows:
1. Deactivate the routing instance.
2. Change the RD.
3. Activate the routing instance.
385Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
This is not required if you are configuring the RD for the first time.
Options as-number:number—as-number is an assigned AS number, and number is any 2-byte or
4-byte value. The AS number can be from 1 through 4,294,967,295. If the AS number
is a 2-byte value, the administrative number is a 4-byte value. If the AS number is
4-byte value, the administrative number is a 2-byte value. An RD consisting of a
4-byte AS number and a 2-byte administrative number is defined as a type 2 RD in
RFC 4364 BGP/MPLS IP VPNs.
NOTE: In Junos OS Release 9.1 and later, the numeric range for AS numbersis extended to provide BGP support for 4-byte AS numbers, as defined inRFC4893,BGPSupport forFour-octetASNumberSpace.All releasesof JunosOS support 2-byte AS numbers. To configure an RD that includes a 4-byteAS number, append the letter “L” to the end of the AS number. For example,an RDwith the 4-byte AS number 7,765,000 and an administrative numberof 1,000 is represented as 77765000L:1000.
In JunosOSRelease9.2 and later, you canalso configure a4-byteASnumberusing the AS dot notation format of two integer values joined by a period:<16-bit high-order value in decimal>.<16-bit low-order value in decimal>. Forexample, the 4-byte AS number of 65,546 in the plain-number format isrepresented as 1.10 in AS dot notation format.
ip-address:id—IP address (ip-address is a 4-byte value) within your assigned prefix range
and a 2-byte value for the id. The IP address can be any globally unique unicast
address.
Range: 0 through 4,294,967,295 (232 – 1). If the router you are configuring is a BGP peer
of a router that does not support 4-byte AS numbers, you need to configure a local
AS number. For more information, see Using 4-Byte Autonomous System Numbers
in BGP Networks Technology Overview.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Example: Configuring BGP Route Target Filtering for VPNs
• Example: Configuring FEC 129 BGP Autodiscovery for VPWS
• Configuring EVPN Routing Instances
• Configuring Routing Instances on PE Routers in VPNs
• Configuring an MPLS-Based Layer 2 VPN (CLI Procedure)
• Configuring an MPLS-Based Layer 3 VPN (CLI Procedure)
• l2vpn-use-bgp-rules
Copyright © 2018, Juniper Networks, Inc.386
Broadband Subscriber ManagementWholesale Feature Guide
routing-instances (Dynamic Profiles)
Syntax routing-instances routing-instance-name {interface interface-name;multicast-snooping-options {}routing-options {access {route prefix {metric route-cost;next-hop next-hop;preference route-distance;tag route-tag;
}}access-internal {route subscriber-ip-address {qualified-next-hop underlying-interface {mac-address address;
}}
}multicast {interface interface-name {no-qos-adjust;
}}rib routing-table-name {access {route prefix {metric route-cost;next-hop next-hop;preference route-distance;tag route-tag;
}}access-internal {route subscriber-ip-address {qualified-next-hop underlying-interface {mac-address address;
}}
}}
}}
Hierarchy Level [edit dynamic-profiles][edit logical-systems logical-system-name ]
Release Information Statement introduced in Junos OS Release 9.6.
Support at the logical-systems hierarchy level was introduced in Junos OS Release 14.2.
387Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Description Dynamically configure an additional routing entity for a router.
Options routing-instance-name—The routing instance variable ($junos-routing-instance). The
routing instance variable is dynamically replaced with the routing instance the
accessing client uses when connecting to the router.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a Dynamic Profile for use by a Retailer in the DHCPv4 Solution on page 20
Copyright © 2018, Juniper Networks, Inc.388
Broadband Subscriber ManagementWholesale Feature Guide
routing-instances (Multiple Routing Entities)
Syntax routing-instances routing-instance-name { ... }
Hierarchy Level [edit],[edit logical-systems logical-system-name]
Release Information Statement introduced before Junos OS Release 7.4.
remote-vtep-v6-list statement introduced in Junos OS Release 17.3 for MX Series routers
with MPC and MIC interfaces.
Description Configure an additional routing entity for a router. You can create multiple instances of
BGP, IS-IS, OSPF, OSPFv3, and RIP for a router. You can also create multiple routing
instances for separating routing tables, routing policies, and interfaces for individual
wholesale subscribers (retailers) in a Layer 3 wholesale network.
Each routing instance consist of the following:
• A set of routing tables
• A set of interfaces that belong to these routing tables
• A set of routing option configurations
Each routing instance has a unique name and a corresponding IP unicast table. For
example, if youconfigurea routing instancewith thenamemy-instance, its corresponding
IP unicast table is my-instance.inet.0. All routes formy-instance are installed into
my-instance.inet.0.
Routes are installed into the default routing instance inet.0 by default, unless a routing
instance is specified.
In Junos OS Release 9.0 and later, you can no longer specify a routing-instance name of
master,default, orbgpor includespecial characterswithin thenameofa routing instance.
In Junos OS Release 9.6 and later, you can include a slash (/) in a routing-instance name
only if a logical system is not configured. That is, you cannot include the slash character
ina routing-instancename if a logical systemother than thedefault is explicitly configured.
Routing-instance names, further, are restricted from having the form __.*__ (beginning
and endingwith underscores). The colon : character cannot be usedwhenmultitopology
routing (MTR) is enabled.
Default Routing instances are disabled for the router.
Options routing-instance-name——Name of the routing instance. This must be a non-reserved
string of not more than 128 characters.
remote-vtep-list—Configure static remote VXLAN tunnel endpoints.
remote-vtep-v6-list—Configure static IPv6 remote VXLAN tunnel endpoints.
389Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Example: Configuring Interprovider Layer 3 VPN Option A
• Example: Configuring Interprovider Layer 3 VPN Option B
• Example: Configuring Interprovider Layer 3 VPN Option C
schema-version (Flat-File Accounting Options)
Syntax schema-version schema-name;
Hierarchy Level [edit accounting-options flat-file-profile profile-name]
Release Information Statement introduced in Junos OS Release 16.1R4.
Description Specify the name of the XML schema that defines the contents and format of the
accounting file, and appears in the accounting record header.
Options schema-name—Name of the schema.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Flat-File Accounting for Layer 2Wholesale on page 185
• Configuring Flat-File Accounting for Extensible Subscriber Services Management on
page 189
• Flat-File Accounting Overview on page 181
Copyright © 2018, Juniper Networks, Inc.390
Broadband Subscriber ManagementWholesale Feature Guide
secret
Syntax secret password;
Hierarchy Level [edit access profile profile-name radius-server server-address],[edit access radius-disconnect client-address],[edit access radius-server server-address]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Description Configure the password to usewith the RADIUS server. The secret password used by the
local router or switch must match that used by the server.
Options password—Password to use; it can include spaces if the character string is enclosed in
quotation marks.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Authentication and Accounting Parameters for Subscriber Access
• Configuring Router or Switch Interaction with RADIUS Servers
• Example: Configuring CHAP Authentication with RADIUS
• Configuring RADIUS Authentication for L2TP
• Configuring the RADIUS Disconnect Server for L2TP
391Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
server (Dynamic PPPoE)
Syntax server;
Hierarchy Level [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”pppoe-options]
Release Information Statement introduced in Junos OS Release 10.1.
Description In adynamicprofile, configure the router toactasaPPPoEserver, also knownasa remote
access concentrator, when a PPPoE logical interface is dynamically created.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a PPPoE Dynamic Profile
• Subscriber Interfaces and PPPoE Overview
Copyright © 2018, Juniper Networks, Inc.392
Broadband Subscriber ManagementWholesale Feature Guide
server-group
Syntax server-group {server-group-name {server-ip-address;
}}
Hierarchy Level [edit forwarding-options dhcp-relay],[edit forwarding-options dhcp-relay dhcpv6],[edit logical-systems logical-system-name forwarding-options dhcp-relay],[edit logical-systems logical-system-name forwarding-options dhcp-relay dhcpv6],[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay],
[edit logical-systems logical-system-name routing-instances routing-instance-nameforwarding-options dhcp-relay dhcpv6],
[edit routing-instances routing-instance-name forwarding-options dhcp-relay],[edit routing-instances routing-instance-name forwarding-options dhcp-relay dhcpv6]
Release Information Statement introduced in Junos OS Release 8.3.
Support at the [edit ... dhcpv6] hierarchy levels introduced in Junos OS Release 11.4.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Specify the name of a group of DHCP server addresses for use by the extended DHCP
relayagent.Use thestatementat the [edit ... dhcpv6]hierarchy levels toconfigureDHCPv6
support.
Options server-group-name—Name of the group of DHCP or DHCPv6 server addresses.
server-ip-address—IP address of the DHCP server belonging to this named server group.
Use IPv6addresseswhenconfiguringDHCPv6support.Youcanconfigureamaximum
of five IP addresses in each named server group.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• dhcp-relay on page 244
• Extended DHCP Relay Agent Overview
• Configuring Named Server Groups
393Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
site (VPLSMultihoming for FEC 128)
Syntax site site-name {mac-pinning;active-interface (any | primary interface-name);best-site;interface interface-name {interface-mac-limit limit;
}mesh-groupmesh-group-name;multi-homing;site-identifier identifier;site-preference preference-value;
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls],
[edit routing-instances routing-instance-name protocols vpls]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the site name and site identifier for a site. Allows you to configure a remote site
ID for remote sites.
Options site-name—Name of the site.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Copyright © 2018, Juniper Networks, Inc.394
Broadband Subscriber ManagementWholesale Feature Guide
site-identifier (VPLS)
Syntax site-identifier identifier;
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls site site-name],
[edit routing-instances routing-instance-name protocols vpls site site-name]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify the numerical identifier for the local VPLS site.
Options identifier—Specify the numerical identifier for the local VPLS site. The identifier must be
an unsigned 16-bit number greater than zero.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring VPLS Routing Instances
395Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
site-range
Syntax site-range number;
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls],
[edit routing-instances routing-instance-name protocols vpls]
Release Information Statement introduced before Junos OS Release 7.4.
Description Specify an upper limit on the maximum site identifier that can be accepted to allow a
pseudowire to be brought up. Pseudowires cannot be established to sites with site
identifiers greater than the configured site range. If you issue the show vpls connections
command, such sites are displayed as OR (out of range).
Options number—Maximum number of site identifiers. We recommend using the default value.
Range: 1 through 65,534
Default: 65,534
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring VPLS Routing Instances
Copyright © 2018, Juniper Networks, Inc.396
Broadband Subscriber ManagementWholesale Feature Guide
stacked-vlan-ranges
Syntax stacked-vlan-ranges {access-profile profile-name;authentication {packet-types [packet-types];password password-string;username-include {circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-name;mac-address;option-18option-37option-82;radius-realm radius-realm-string;user-prefix user-prefix-string;
}}dynamic-profile profile-name {accept (any | dhcp-v4 | inet);access-profilevlan-dynamic-profile-name;ranges (any | low-tag–high-tag),(any | low-tag–high-tag);
}override;
}
Hierarchy Level [edit interfaces interface-name auto-configure]
Release Information Statement introduced in Junos OS Release 9.5.
Description Configure multiple VLANs. Each VLAN is assigned a VLAN ID number from the range.
The remaining statements are explained separately.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing–control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an Interface to Use the Dynamic Profile Configured to Create Stacked VLANs
• Configuring Interfaces to Support Both Single and Stacked VLANs
397Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
stacked-vlan-tagging
Syntax stacked-vlan-tagging;
Hierarchy Level [edit interfaces interface-name]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 12.2 for ACX Series Universal Access Routers.
Description For Gigabit Ethernet IQ interfaces, Gigabit Ethernet, 10-Gigabit Ethernet LAN/WAN PIC,
and 100-Gigabit Ethernet Type 5 PIC with CFP, enable stacked VLAN tagging for all
logical interfaces on the physical interface.
For pseudowire subscriber interfaces, enable stackedVLAN tagging for logical interfaces
on the pseudowire service.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Stacking and Rewriting Gigabit Ethernet VLAN Tags Overview
system
Syntax system { ... }
Hierarchy Level [edit]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 9.0 for EX Series switches.
Description Configure systemmanagement properties.
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• SystemManagement Configuration Statements
Copyright © 2018, Juniper Networks, Inc.398
Broadband Subscriber ManagementWholesale Feature Guide
traceoptions (DHCP)
Syntax traceoptions {file filename <files number> <match regular-expression > <sizemaximum-file-size><world-readable | no-world-readable>;
flag flag;level (all | error | info | notice | verbose | warning);no-remote-trace;
}
Hierarchy Level [edit system processes dhcp-service]
Release Information Statement introduced in Junos OS Release 11.4.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Description Define global tracing operations for extended DHCP local server and extended DHCP
relay agent processes.
This statement replaces the deprecated traceoptions statements at the [edit
forwarding-options dhcp-relay] and [edit system services dhcp-local-server] hierarchy
levels.
Options file filename—Name of the file to receive the output of the tracing operation. Enclose the
namewithin quotation marks. All files are placed in the directory /var/log.
filesnumber—(Optional)Maximumnumber of trace files to create before overwriting the
oldest one. If you specify a maximum number of files, you also must specify a
maximum file size with the size option.
Range: 2 through 1000
Default: 3 files
flag flag—Tracing operation to perform. To specify more than one tracing operation,
includemultiple flag statements:
• all—Trace all events.
• auth—Trace authentication events.
• database—Trace database events.
• fwd—Trace firewall process events.
• general—Tracemiscellaneous events.
• ha—Trace high availability-related events.
• interface—Trace interface operations.
• io—Trace I/O operations.
• liveness-detection—Trace liveness detection operations.
• packet—Trace packet and option decoding operations.
399Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
• performance—Trace performancemeasurement operations.
• profile—Trace profile operations.
• rpd—Trace routing protocol process events.
• rtsock—Trace routing socket operations.
• security-persistence—Trace security persistence events.
• session-db—Trace session database events.
• state—Trace changes in state.
• statistics—Trace baseline statistics.
• ui—Trace user interface operations.
level—Level of tracing to perform; also known as severity level. The option you configure
enables tracing of events at that level and all higher (more restrictive) levels. You can
specify any of the following levels:
• all—Matchmessages of all levels.
• error—Match error messages.
• info—Match informational messages.
• notice—Match notice messages about conditions requiring special handling.
• verbose—Match verbosemessages. This is the lowest (least restrictive) severity level;
when you configure verbose, messages at all higher levels are traced. Therefore, the
result is the same as when you configure all.
• warning—Match warning messages.
Default: error
match regular-expression—(Optional) Refine the output to include lines that contain the
regular expression.
no-remote-trace—Disable remote tracing.
no-world-readable—(Optional) Disable unrestricted file access, allowing only the user
root and users who have the Junos OSmaintenance permission to access the trace
files.
sizemaximum-file-size—(Optional)Maximumsizeofeach trace file.Bydefault, thenumber
entered is treated as bytes. Alternatively, you can include a suffix to the number to
indicate kilobytes (maximum-file-sizek), megabytes (maximum-file-sizem), or
gigabytes (maximum-file-sizeg). If you specify a maximum file size, you also must
specify a maximum number of trace files with the files option.
Range: 10,240 through 1,073,741,824
Default: 128 KB
world-readable—(Optional) Enable unrestricted file access.
Copyright © 2018, Juniper Networks, Inc.400
Broadband Subscriber ManagementWholesale Feature Guide
Required PrivilegeLevel
trace—To view this statement in the configuration.
trace-control—To add this statement to the configuration.
RelatedDocumentation
• Tracing Extended DHCP Operations
underlying-interface (demux0)
Syntax underlying-interface underlying-interface-name;
Hierarchy Level [edit dynamic-profiles profile-name interfaces demux0 interface-name unit unitlogical-unit-number demux-options]
Release Information Statement introduced in Junos OS Release 9.3.
Support for aggregated Ethernet introduced in Junos OS Release 9.4.
Description Configure the underlying interface on which the demultiplexing (demux) interface is
running.
Options underlying-interface-name—Either the specific name of the interface on which the DHCP
discover packet arrives or one of the following interface variables:
• $junos-underlying-interfacewhen configuring dynamic IP demux interfaces.
• $junos-interface-ifd-namewhen configuring dynamic VLAN demux interfaces.
The variable is used to specify the underlying interface when a new demux interface is
dynamically created. The variable is dynamically replaced with the underlying
interface that DHCP supplies when the subscriber logs in.
NOTE: Logicaldemux interfacesarecurrently supportedonGigabitEthernet,Fast Ethernet, 10-Gigabit Ethernet, or aggregated Ethernet interfaces.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles
• Configuring Dynamic Subscriber Interfaces Using VLAN Demux Interfaces in Dynamic
Profiles
• Dynamic PPPoE Subscriber Interfaces over Static Underlying Interfaces Overview
• For information about static underlying interfaces, see the JunosOSNetwork Interfaces
Library for Routing Devices
401Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
underlying-interface (Dynamic PPPoE)
Syntax underlying-interface interface-name;
Hierarchy Level [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit”pppoe-options]
Release Information Statement introduced in Junos OS Release 10.1.
Description In a dynamic profile, configure the underlying interface on which the router creates the
dynamic PPPoE logical interface.
Options interface-name—Variable used to specify the name of the underlying interface on which
the PPPoE logical interface is dynamically created. In the underlying-interface
interface-name statement for dynamic PPPoE logical interfaces, youmust use the
predefined variable$junos-underlying-interface in placeof interface-name.When the
router creates the dynamic PPPoE interface, the $junos-underlying-interface
predefinedvariable is dynamically replacedwith thenameof theunderlying interface
supplied by the network when the subscriber logs in.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a PPPoE Dynamic Profile
• Dynamic PPPoE Subscriber Interfaces over Static Underlying Interfaces Overview
Copyright © 2018, Juniper Networks, Inc.402
Broadband Subscriber ManagementWholesale Feature Guide
unit
Syntax unit logical-unit-number {accept-source-mac {mac-addressmac-address {policer {input cos-policer-name;output cos-policer-name;
}}
}accounting-profile name;advisory-options {downstream-rate rate;upstream-rate rate;
}allow-any-vci;atm-scheduler-map (map-name | default);auto-configure {agent-circuit-identifier {dynamic-profile profile-name;
}line-identity {include {accept-no-ids;circuit-id;remote-id;
}dynamic-profile profile-name;
}}backup-options {interface interface-name;
}bandwidth rate;cell-bundle-size cells;clear-dont-fragment-bit;compression {rtp {maximum-contexts number <force>;f-max-period number;queues [queue-numbers];port {minimum port-number;maximum port-number;
}}
}compression-device interface-name;copy-tos-to-outer-ip-header;demux-destination family;demux-source family;demux-options {underlying-interface interface-name;
403Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
}description text;etree-ac-role (leaf | root);interface {l2tp-interface-id name;(dedicated | shared);
}dialer-options {activation-delay seconds;callback;callback-wait-period time;deactivation-delay seconds;dial-string [dial-string-numbers];idle-timeout seconds;incoming-map {caller caller-id | accept-all;initial-route-check seconds;load-interval seconds;load-threshold percent;pool pool-name;redial-delay time;watch-list {[routes];
}}
}disable;disable-mlppp-inner-ppp-pfc;dlci dlci-identifier;drop-timeoutmilliseconds;dynamic-call-admission-control {activation-priority priority;bearer-bandwidth-limit kilobits-per-second;
}encapsulation type;epd-threshold cells plp1 cells;family family-name {... the family subhierarchy appears after the main [edit interfaces interface-name unitlogical-unit-number] hierarchy ...
}fragment-threshold bytes;host-prefix-only;inner-vlan-id-range start start-id end end-id;input-vlan-map {(pop | pop-pop | pop-swap | push | push-push | swap |swap-push | swap-swap);inner-tag-protocol-id tpid;inner-vlan-id number;tag-protocol-id tpid;vlan-id number;
}interleave-fragments;inverse-arp;layer2-policer {input-policer policer-name;input-three-color policer-name;
Copyright © 2018, Juniper Networks, Inc.404
Broadband Subscriber ManagementWholesale Feature Guide
output-policer policer-name;output-three-color policer-name;
}link-layer-overhead percent;minimum-links number;mrru bytes;multicast-dlci dlci-identifier;multicast-vci vpi-identifier.vci-identifier;multilink-max-classes number;multipoint;oam-liveness {up-count cells;down-count cells;
}oam-period (disable | seconds);output-vlan-map {(pop | pop-pop | pop-swap | push | push-push | swap |swap-push | swap-swap);inner-tag-protocol-id tpid;inner-vlan-id number;tag-protocol-id tpid;
}passive-monitor-mode;peer-unit unit-number;plp-to-clp;point-to-point;ppp-options {mru size;mtu (size | use-lower-layer);chap {access-profile name;default-chap-secret name;local-name name;passive;
}compression {acfc;pfc;
}dynamic-profile profile-name;ipcp-suggest-dns-option;lcp-restart-timermilliseconds;loopback-clear-timer seconds;ncp-restart-timermilliseconds;pap {access-profile name;default-pap-password password;local-name name;local-password password;passive;
}}pppoe-options {access-concentrator name;auto-reconnect seconds;(client | server);
405Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
service-name name;underlying-interface interface-name;
}pppoe-underlying-options {access-concentrator name;direct-connect;dynamic-profile profile-name;max-sessions number;
}proxy-arp;service-domain (inside | outside);shaping {(cbr rate | rtvbr peak rate sustained rate burst length | vbr peak rate sustained rate burstlength);
queue-length number;}short-sequence;targeted-distribution;transmit-weight number;(traps | no-traps);trunk-bandwidth rate;trunk-id number;tunnel {backup-destination address;destination address;key number;routing-instance {destination routing-instance-name;
}source source-address;ttl number;
}vci vpi-identifier.vci-identifier;vci-range start start-vci end end-vci;vpi vpi-identifier;vlan-id number;vlan-id-range number-number;vlan-tags inner tpid.vlan-id outer tpid.vlan-id;family family {accounting {destination-class-usage;source-class-usage {(input | output | input output);
}}access-concentrator name;address address {... the address subhierarchy appears after the main [edit interfaces interface-name unitlogical-unit-number family family-name] hierarchy ...
}bundle interface-name;core-facing;demux-destination {destination-prefix;
}demux-source {
Copyright © 2018, Juniper Networks, Inc.406
Broadband Subscriber ManagementWholesale Feature Guide
source-prefix;}direct-connect;duplicate-protection;dynamic-profile profile-name;filter {group filter-group-number;input filter-name;input-list [filter-names];output filter-name;output-list [filter-names];
}interface-mode (access | trunk);ipsec-sa sa-name;keep-address-and-control;mac-validate (loose | strict);max-sessions number;mtu bytes;multicast-only;no-redirects;policer {arp policer-template-name;input policer-template-name;output policer-template-name;
}primary;protocols [inet isompls];proxy inet-address address;receive-options-packets;receive-ttl-exceeded;remote (inet-address address | mac-address address);rpf-check {fail-filter filter-namemode loose;
}sampling {input;output;
}service {input {post-service-filter filter-name;service-set service-set-name <service-filter filter-name>;
}output {service-set service-set-name <service-filter filter-name>;
}}service-name-table table-name(translate-discard-eligible | no-translate-discard-eligible);(translate-fecn-and-becn | no-translate-fecn-and-becn);translate-plp-control-word-de;unnumbered-address interface-namedestinationaddressdestination-profileprofile-name;vlan-id number;vlan-id-list [number number-number];address address {
407Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
arp ip-address (mac | multicast-mac)mac-address <publish>;broadcast address;destination address;destination-profile name;eui-64;master-only;multipoint-destination address {dlci dlci-identifier;epd-threshold cells <plp1 cells>;inverse-arp;oam-liveness {up-count cells;down-count cells;
}oam-period (disable | seconds);shaping {(cbr rate | rtvbr burst length peak rate sustained rate | vbr burst length peak ratesustained rate);
queue-length number;}vci vpi-identifier.vci-identifier;
}preferred;primary;(vrrp-group | vrrp-inet6-group) group-number {(accept-data | no-accept-data);advertise–interval seconds;authentication-type authentication;authentication-key key;fast-intervalmilliseconds;(preempt | no-preempt) {hold-time seconds;
}priority number;track {interface interface-name {bandwidth-threshold bits-per-second priority-cost number;
}priority-hold-time seconds;route ip-address/prefix-length routing-instance instance-name priority-cost cost;
}virtual-address [addresses];virtual-link-local-address ipv6–address;vrrp-inherit-from {active-interface interface-name;active-group group-number;
}}
}}
}
Hierarchy Level [edit interfaces interface-name],[edit logical-systems logical-system-name interfaces interface-name],[edit interfaces interface-set interface-set-name interface interface-name]
Copyright © 2018, Juniper Networks, Inc.408
Broadband Subscriber ManagementWholesale Feature Guide
Release Information Statement introduced before Junos OS Release 7.4.
Description Configure a logical interfaceon thephysical device. Youmust configure a logical interface
to be able to use the physical device.
Options logical-unit-number—Number of the logical unit.
Range: 0 through 1,073,741,823 for demuxandPPPoE static interfaces. 0 through 16,385for all other static interface types.
etree-ac-role (leaf | root)—To configure an interface as either leaf or root.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Logical Interface Properties
• Example: ConfiguringE-LINEandE-LANServices for aPBBNetworkonMXSeriesRouters
• Junos OS Services Interfaces Library for Routing Devices
409Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
unit (Dynamic Demux Interface)
Syntax unit logical-unit-number {demux-options {underlying-interface interface-name
}family family {access-concentrator name;address address;demux-source {source-address;
}direct-connect;duplicate-protection;dynamic-profile profile-name;filter {input filter-name;output filter-name;
}mac-validate (loose | strict):max-sessions number;max-sessions-vsa-ignore;rpf-check {fail-filter filter-name;mode loose;
}service-name-table table-name;short-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds>;
unnumbered-address interface-name <preferred-source-address address>;}filter {input filter-name;output filter-name;
}}vlan-id number;
Hierarchy Level [edit dynamic-profiles profile-name interfaces demux0]
Release Information Statement introduced in Junos OS Release 9.3.
Description Configure adynamic logical interface on thephysical device. Youmust configure a logical
interface to be able to use the physical device.
Options logical-unit-number—Either the specific unit number of the interface or the unit number
variable ($junos-interface-unit). Thevariable is used tospecify theunit of the interface
when a newdemux interface is dynamically created. The static unit number variable
isdynamically replacedwith theunit number thatDHCPsupplieswhen thesubscriber
logs in.
Copyright © 2018, Juniper Networks, Inc.410
Broadband Subscriber ManagementWholesale Feature Guide
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringDynamicSubscriber InterfacesUsing IPDemux Interfaces inDynamicProfiles
411Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
unit (Dynamic Profiles Standard Interface)
Syntax unit logical-unit-number {actual-transit-statistics;auto-configure {agent-circuit-identifier {dynamic-profile profile-name;
}line-identity {include {accept-no-ids;circuit-id;remote-id;
}dynamic-profile profile-name;
}}dial-options {ipsec-interface-id name;l2tp-interface-id name;(shared | dedicated);
}encapsulation (atm-ccc-cell-relay | atm-ccc-vc-mux | atm-cisco-nlpid | atm-tcc-vc-mux| atm-mlppp-llc | atm-nlpid | atm-ppp-llc | atm-ppp-vc-mux | atm-snap | atm-tcc-snap| atm-vc-mux | ether-over-atm-llc | ether-vpls-over-atm-llc | ether-vpls-over-fr |ether-vpls-over-ppp | ethernet | frame-relay-ccc | frame-relay-ppp | frame-relay-tcc |frame-relay-ether-type | frame-relay-ether-type-tcc |multilink-frame-relay-end-to-end| multilink-ppp | ppp-over-ether | ppp-over-ether-over-atm-llc | vlan-bridge | vlan-ccc |vlan-vci-ccc | vlan-tcc | vlan-vpls);
family family {access-concentrator name;address address;direct-connect;duplicate-protection;dynamic-profile profile-name;filter {adf {counter;input-precedence precedence;not-mandatory;output-precedence precedence;rule rule-value;
}input filter-name {precedence precedence;shared-name filter-shared-name;
}output filter-name {precedence precedence;shared-name filter-shared-name;
}}max-sessions number;max-sessions-vsa-ignore;
Copyright © 2018, Juniper Networks, Inc.412
Broadband Subscriber ManagementWholesale Feature Guide
rpf-check {fail-filter filter-name;mode loose;
}service {input {service-set service-set-name {service-filter filter-name;
}post-service-filter filter-name;
}input-vlan-map {inner-tag-protocol-id tpid;inner-vlan-id number;(push | swap);tag-protocol-id tpid;vlan-id number;
}output {service-set service-set-name {service-filter filter-name;
}}output-vlan-map {inner-tag-protocol-id tpid;inner-vlan-id number;(pop | swap);tag-protocol-id tpid;vlan-id number;
}}service-name-table table-nameshort-cycle-protection <lockout-time-minminimum-seconds lockout-time-maxmaximum-seconds>;
unnumbered-address interface-name <preferred-source-address address>;keepalives {interval seconds;}
ppp-options {chap;pap;
}vlan-id number;vlan-tags outer [tpid].vlan-id [inner [tpid].vlan-id];
}filter {input filter-name {shared-name filter-shared-name;
}output filter-name {shared-name filter-shared-name;
}}host-prefix-only;service {pcef pcef-profile-name {
413Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
activate rule-name | activate-all;}
}}
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name]
Release Information Statement introduced in Junos OS Release 9.2.
Description Configure a logical interfaceon thephysical device. Youmust configure a logical interface
to be able to use the physical device.
Options logical-unit-number—The specific unit number of the interface you want to assign to the
dynamic profile, or one of the following predefined variables:
• $junos-underlying-interface-unit—For staticVLANs, theunit number variable. Thestatic
unit number variable is dynamically replaced with the client unit number when the
client sessionbegins. The client unit number is specifiedby theDHCPwhen it accesses
the subscriber network.
• $junos-interface-unit—TheunitnumbervariableonadynamicunderlyingVLAN interface
forwhich youwant toenable thecreationofdynamicVLANsubscriber interfacesbased
on the ACI.
The remaining statementsareexplainedseparately. Search for a statement inCLIExplorer
or click a linked statement in the Syntax section for details.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringDynamicUnderlyingVLAN Interfaces toUseAgentCircuit Identifier Information
• Configuring Static Underlying VLAN Interfaces to Use Agent Circuit Identifier Information
• Agent Circuit Identifier-Based Dynamic VLANs Overview
Copyright © 2018, Juniper Networks, Inc.414
Broadband Subscriber ManagementWholesale Feature Guide
unnumbered-address (Dynamic PPPoE)
Syntax unnumbered-address interface-name;
Hierarchy Level [edit dynamic-profiles profile-name interfaces pp0 unit “$junos-interface-unit” family inet]
Release Information Statement introduced in Junos OS Release 10.1.
Description For dynamic PPPoE interfaces, enable the local address to be derived from the specified
interface. Configuring unnumbered Ethernet interfaces enables IP processing on the
interface without assigning an explicit IP address to the interface.
Options interface-name—Interface fromwhich the local address is derived. The interface name
must include a logical unit number andmust have a configured address.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring a PPPoE Dynamic Profile
• Dynamic PPPoE Subscriber Interfaces over Static Underlying Interfaces Overview
415Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
unnumbered-address (Dynamic Profiles)
Syntax unnumbered-address interface-name <preferred-source-address address>;
Hierarchy Level [editdynamic-profilesprofile-name interfaces interface-nameunit logical-unit-number familyfamily],
[edit dynamic-profiles profile-name interfaces demux0 unit logical-unit-number familyfamily]
Release Information Statement introduced in Junos OS Release 9.2.
Support for the$junos-preferred-source-addressand$junos-preferred-source-ipv6-address
predefined variables introduced in Junos OS Release 9.6.
Support for the $junos-loopback-interface predefined variable introduced in Junos OS
Release 9.6.
Description ForEthernet interfaces, enable the local address tobederived fromthespecified interface.
Configuring unnumbered Ethernet interfaces enables IP processing on the interface
withoutassigninganexplicit IPaddress to the interface.Toconfigureunnumberedaddress
dynamically, include the $junos-loopback-interface-address predefined variable.
You can configure unnumbered address support on Ethernet interfaces for IPv4 and IPv6
address families.
Options interface-name—Name of the interface fromwhich the local address is derived. The
specified interface must have a logical unit number, a configured IP address, and
must not be an unnumbered interface. This value can be a specific interface name
or the $junos-loopback-interface predefined variable.
When defining the unnumbered-address statement using a static interface, keep the
following in mind:
• If you choose to include the routing-instance statement at the [edit dynamic-profiles]
hierarchy level, that statement must be configured with a dynamic value by using the
$junos-routing-instance predefined variable. In addition, whatever static unnumbered
interface you specify must belong to that routing instance; otherwise, the profile
instantiation fails.
• If youchoose tonot include the routing-instancestatementat the [editdynamic-profiles]
hierarchy level, the unnumbered-address statement uses the default routing instance.
The use of the default routing instance requires that the unnumbered interface be
configured statically and that it reside in the default routing instance.
NOTE: When you specify a static logical interface for the unnumberedinterface in a dynamic profile that includes the $junos-routing-instance
predefined variable, youmust not configure a preferred source address,whether with the $junos-preferred-source-address predefined variable, the
$junos-preferred-source-ipv6-address predefined variable, or the
Copyright © 2018, Juniper Networks, Inc.416
Broadband Subscriber ManagementWholesale Feature Guide
preferred-source-addressstatement.Configuring thepreferredsourceaddress
in this circumstance causes a commit failure.
When defining the unnumbered-address statement using the $junos-loopback-interface
predefined variable, keep the following in mind:
• To use the $junos-loopback-interface predefined variable, the dynamic profile must
alsocontain the routing-instancestatementconfiguredwith the$junos-routing-instance
predefined variable at the [edit dynamic-profiles] hierarchy level.
• The applied loopback interface is based on the dynamically obtained routing instance
of the subscriber.
address—(Optional)Secondary IPaddressof thedonor interface.Configuring thepreferred
source address enables you to use an IP address other than the primary IP address
on some of the unnumbered Ethernet interfaces in your network. This value can be
a static IP address, the $junos-preferred-source-address predefined variable for the
inet family, or the $junos-preferred-source-ipv6-address predefined variable for the
inet6 family.
When defining the preferred-source-address value using a static IP address, keep the
following in mind:
• The unnumbered interface must be statically configured.
• The IP address specified as the preferred-source-addressmust be configured in the
specified unnumbered interface.
When defining the preferred-source-address value using the
$junos-preferred-source-addressor the$junos-preferred-source-ipv6-addresspredefined
variables, keep the following in mind:
• Youmust configure the unnumbered-address statement using the
$junos-loopback-interface predefined variable.
• Youmust configure the routing-instance statement using the $junos-routing-instance
predefined variable at the [edit dynamic-profiles] hierarchy level.
• The preferred source address chosen is based on the dynamically applied loopback
address which is in turn derived from the dynamically obtained routing instance of the
subscriber. The configured loopback address with the closest network match to the
user IP address is selected as the preferred source address.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Dynamic Profiles Overview
417Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
unnumbered-address (Ethernet)
Syntax unnumbered-address interface-name <preferred-source-address address>;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number family family],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-numberfamily family]
Release Information Statement introduced in Junos OS Release 8.2.
preferred-source-address option introduced in Junos OS Release 9.0.
Description ForEthernet interfaces, enable the local address tobederived fromthespecified interface.
Configuring an unnumbered Ethernet interface enables IP processing on the interface
without assigning an explicit IP address to the interface.
Options interface-name—Name of the interface fromwhich the local address is derived. The
specified interfacemust have a logical unit number and a configured IP address, and
must not be an unnumbered interface.
The preferred-source-address statement is explained separately.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an Unnumbered Interface
• address on page 210
• Junos System Basics Configuration Guide
Copyright © 2018, Juniper Networks, Inc.418
Broadband Subscriber ManagementWholesale Feature Guide
username-include
Syntax username-include {circuit-id;circuit-type;delimiter delimiter-character;domain-name domain-name-string;interface-name;mac-address;option-18;option-37;option-82 <circuit-id> <remote-id>;radius-realm radius-realm-string;remote-id;user-prefix user-prefix-string;
}
Hierarchy Level [edit interfaces interface-name auto-configure vlan-ranges authentication],[edit interfaces interface-name auto-configure stacked-vlan-ranges authentication]
Release Information Statement introduced in Junos OS Release 10.0.
Description Configure the username that the router passes to the external AAA server. Youmust
include at least one of the optional statements for the username to be valid. If you do
not configure a username, the router accesses the local authentication service only and
does not use external authentication services, such as RADIUS.
The username takes the format user-prefix mac-address circuit-type circuit-id remote-id
option–82 interface-name domain-name radius-realm. By default, each component is
separated by a period (.), but you can specify a different delimiter with the delimiter
statement.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring VLAN Interface Username Information for AAA Authentication
• Using DHCP Option 82 Suboptions in Authentication Usernames for Autosense VLANs
• UsingDHCPOption 18andOption37 inAuthenticationUsernames forDHCPv6Autosense
VLANs
• Configuring a Username for Authentication of Out-of-Band Triggered Dynamic VLANs
on page 172
419Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
user-prefix (DHCP Local Server)
Syntax user-prefix user-prefix-string;
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server authentication username-include],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server dhcpv6 authentication username-include],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server dhcpv6 group group-name authentication username-include],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server group group-name authentication username-include],
[edit logical-systems logical-system-namesystemservicesdhcp-local-serverauthenticationusername-include],
[edit logical-systems logical-system-name system services dhcp-local-server dhcpv6authentication username-include],
[edit logical-systems logical-system-name system services dhcp-local-server dhcpv6 groupgroup-name authentication username-include],
[edit logical-systems logical-system-name system services dhcp-local-server groupgroup-name authentication username-include],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server authentication username-include],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server dhcpv6 authentication username-include],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server dhcpv6 group group-name authentication username-include],
[edit logical-systems logical-system-name routing-instances routing-instance-name systemservices dhcp-local-server group group-name authentication username-include],
[edit routing-instances routing-instance-name system services dhcp-local-serverauthentication username-include],
[edit routing-instances routing-instance-name system services dhcp-local-server dhcpv6authentication username-include],
[edit routing-instances routing-instance-name system services dhcp-local-server dhcpv6group group-name authentication username-include],
[edit routing-instances routing-instance-name system services dhcp-local-server groupgroup-name authentication username-include],
[edit system services dhcp-local-server authentication username-include],[edit system services dhcp-local-server dhcpv6 authentication username-include],[edit system services dhcp-local-server dhcpv6 group group-name authenticationusername-include],
[edit systemservicesdhcp-local-servergroupgroup-nameauthenticationusername-include]
Release Information Statement introduced in Junos OS Release 9.1.
Statement introduced in Junos OS Release 12.3R2 for EX Series switches.
Description Specify the user prefix that is concatenated with the username during the subscriber
authentication or DHCP client authentication process.
Options user-prefix-string—User prefix string.
Copyright © 2018, Juniper Networks, Inc.420
Broadband Subscriber ManagementWholesale Feature Guide
Required PrivilegeLevel
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
RelatedDocumentation
• Using External AAA Authentication Services with DHCP
vlan-id (Dynamic VLANs)
Syntax vlan-id number;
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-numberinput-vlan-map],
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-numberoutput-vlan-map]
Release Information Statement introduced in Junos OS Release 10.4.
Description For dynamicVLAN interfaces, specify the lineVLAN identifiers tobe rewrittenat the input
or output interface.
Youcannot include thevlan-idstatementwith the swapstatement, swap-pushstatement,
push-push statement, orpush-swap statement at the [editdynamic-profilesprofile-name
interfaces interface-nameunit logical-unit-numberoutput-vlan-map]hierarchy level. If you
include any of those statements in the output VLANmap, the VLAN ID in the outgoing
frame is rewritten to the vlan-id statement that you include at the [edit dynamic-profiles
profile-name interfaces interface-name unit logical-unit-number] hierarchy level.
Options number—A valid VLAN identifier. When used for input VLANmaps, you can specify the
$junos-vlan-map-id predefined variable to dynamically obtain the VLAN identifier.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Rewriting the VLAN Tag on Tagged Frames
• Binding VLAN IDs to Logical Interfaces
421Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
vlan-id (VLAN ID to Be Bound to a Logical Interface)
Syntax vlan-id number;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-number]
Release Information Statement introduced before Junos OS Release 7.4.
Description For Fast Ethernet, Gigabit Ethernet, and Aggregated Ethernet interfaces only, bind a
802.1Q VLAN tag ID to a logical interface.
Options number—A valid VLAN identifier.
Range: For aggregated Ethernet, 4-port, 8-port, and 12-port Fast Ethernet PICs, and formanagement and internal Ethernet interfaces, 1 through 1023.
For 48-port Fast Ethernet and Gigabit Ethernet PICs, 1 through 4094.
VLAN ID 0 is reserved for tagging the priority of frames.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Enabling VLAN Tagging
Copyright © 2018, Juniper Networks, Inc.422
Broadband Subscriber ManagementWholesale Feature Guide
vlan-model
Syntax vlan-model one-to-one;
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit routing-instances routing-instance-name]
Release Information Statement introduced in Junos OS Release 11.2.
Description Define the network VLANmodel.
Options one-to-one—Specify thatany received, dual-taggedVLANpacket triggers theprovisioning
process in a Layer 2Wholesale network. Using this option, the router learns VLAN
tags for each individual client. The router learns both the outer tag and inner tag of
the incoming packets, when the instance-role statement is defined as access, or the
outer VLAN tag only, when the instance-role statement is defined as nni.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• ConfiguringSeparateAccessRouting Instances for Layer 2WholesaleServiceRetailers
on page 86
• Configuring Separate NNI Routing Instances for Layer 2Wholesale Service Retailers
on page 89
423Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
vlan-ranges
Syntax vlan-ranges {access-profile profile-name;authentication {packet-types [packet-types];password password-string;username-include {circuit-type;circuit-id;delimiter delimiter-character;domain-name domain-name-string;interface-name;mac-address;option-18;option-37;option-82 <circuit-id> <remote-id>;radius-realm radius-realm-string;remote-id;user-prefix user-prefix-string;
}}dynamic-profile profile-name {accept (any | dhcp-v4 | inet);accept-out-of-band protocol;access-profilevlan-dynamic-profile-name;ranges (any | low-tag)–(any | high-tag);
}override;
}
Hierarchy Level [edit interfaces interface-name auto-configure]
Release Information Statement introduced in Junos OS Release 9.5.
Description Configure multiple VLANs. Each VLAN is assigned a VLAN ID number from the range.
The remaining statements are explained separately.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing–control—To add this statement to the configuration.
RelatedDocumentation
• Configuring an Interface to Use the Dynamic Profile Configured to Create Single-Tag
VLANs
• Configuring Interfaces to Support Both Single and Stacked VLANs
Copyright © 2018, Juniper Networks, Inc.424
Broadband Subscriber ManagementWholesale Feature Guide
vlan-tags
Syntax vlan-tags outer [tpid].vlan-id [inner [tpid].vlan-id];
Hierarchy Level [edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number]
Release Information Statement introduced in Junos OS Release 9.5.
VLAN demux interface support introduced in Junos OS Release 10.2.
Description For Gigabit Ethernet IQ and IQE interfaces only, binds TPIDs and 802.1Q VLAN tag IDs to
a logical interface. Youmust include the stacked-vlan-tagging statement at the [edit
interfaces interface-name] hierarchy level.
NOTE: The inner-range vid1–vid2 option is supported on IQE PICs only.
Options inner[tpid].vlan-id—ATPID(optional)andavalidVLAN identifier in the format tpid.vlan-id.
When used in the dynamic-profiles hierarchy, specify the $junos-vlan-id predefined
variable to dynamically obtain the VLAN ID.
NOTE: On the network-to-network (NNI) or egress interfaces of provideredge (PE) routers, you cannot configure the inner-range tpid.vid1—vid2option
with the vlan-tags statement for ISP-facing interfaces.
Range: For VLAN ID, 1 through 4094. VLAN ID 0 is reserved for tagging the priority offrames.
outer[tpid].vlan-id—ATPID(optional)andavalidVLAN identifier in the format tpid.vlan-id.
When used in the dynamic-profiles hierarchy, specify the $junos-stacked-vlan-id
predefined variable.
Range: For VLAN ID, 1 through 511 for normal interfaces, and 512 through 4094 for VLANCCC interfaces. VLAN ID 0 is reserved for tagging the priority of frames.
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Dual VLAN Tags
425Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
vlan-tags (Stacked VLAN Tags)
Syntax vlan-tags inner tpid.vlan-id inner-list value inner-range vid1—vid2 outer tpid.vlan-id;
Hierarchy Level [edit interfaces interface-name unit logical-unit-number],[edit logical-systems logical-system-name interfaces interface-nameunit logical-unit-number]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 12.1X48 for PTX Series Packet Transport
Routers.
Description BindTPIDs and802.1QVLAN tag IDs to a logical interface. TPID fields are used to identify
the frame as an IEEE 802.1Q-tagged frame.
Options inner tpid.vlan-id—A TPID and a valid VLAN identifier. TPID is a 16-bit field set to a value
of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame.
Range: (most routers) For VLAN ID, 1 through 4094. VLAN ID 0 is reserved for taggingthe priority of frames. For PTX Series, VLAN ID 0 is not supported.
inner-list value— List or a set of VLAN identifiers.
NOTE: This is supported onMX Series routers with Trio-based FPCs.
inner-range tpid. vid1–vid2—Specify aTPIDanda range of VLAN IDswhere vid1 is the start
of the range and vid2 is the end of the range.
NOTE: On the network-to-network (NNI) or egress interfaces of provideredge (PE) routers, you cannot configure the inner-range tpid.vid1—vid2option
with the vlan-tags statement for ISP-facing interfaces.
Range: For VLAN ID, 1 through 4094. VLAN ID 0 is reserved for tagging the priority offrames.
outer tpid.vlan-id—A TPID and a valid VLAN identifier.
Range: (most routers) For VLAN ID, 1 through 511 for normal interfaces, and 512 through4094 for VLAN CCC interfaces. VLAN ID 0 is reserved for tagging the priority of
frames. For PTX Series, VLAN ID 0 is not supported.
NOTE: Configuring inner-rangewith theentirevlan-id rangeconsumessystem
resources and is not a best practice. The inner-rangemust be used onlywhen
asubsetofVLAN IDsof inner tag(not theentire range)needs tobeassociatedwith a logical interface. If you specify the entire range (1 through 4094), it
Copyright © 2018, Juniper Networks, Inc.426
Broadband Subscriber ManagementWholesale Feature Guide
has the same result as not specifying a range; however, it consumes PacketForwarding Engine resources such as VLAN lookup table entries, and so on.
The following examples illustrate this further:
[edit interfaces interface-name]stacked-vlan-tagging;unit number { vlan-tags outer vid inner-range 1-4094;}
[edit interfaces interface-name]vlan-tagging;unit number { vlan-id vid;}
Required PrivilegeLevel
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring Dual VLAN Tags
• Configuring Flexible VLAN Tagging on PTX Series Packet Transport Routers
• stacked-vlan-tagging on page 398
427Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
vpls (Routing Instance)
Syntax vpls {mac-pinning;active-interface {any;primary interface-name;
}community COMM;connectivity-type (ce | irb);control-word;encapsulation-type ethernet;ignore-encapsulation-mismatch;ignore-mtu-mismatch;import-labeled-routes [ routing-instance-name ];interface interface-name;interface-mac-limit limit;label-block-size size;mac-flush [ explicit-mac-flush-message-options ];mac-table-aging-time time;mac-table-size size;mesh-groupmesh-group-name {interface interface-name;l2vpn-id (as-number:id | ip-address:id);local-switching;mac-flush [ explicit-mac-flush-message-options ];neighbor address {...};peer-as all;pseudowire-status-tlv hot-standby-vc-on;route-distinguisher (as-number:id | ip-address:id);vpls-id number;vrf-export [ policy-names ];vrf-import [ policy-names ];vrf-target {community;import community-name;export community-name;
}}mtumtu;no-control-word;no-tunnel-services;site site-name {active-interface interface-name {any;primary preference-value;
}best-site;interface interface-name {interface-mac-limit limit;
}mesh-groupmesh-group-name;multi-homing;site-identifier identifier;
Copyright © 2018, Juniper Networks, Inc.428
Broadband Subscriber ManagementWholesale Feature Guide
site-preference preference-value {backup;primary;
}}site-range number;traceoptions {file filename <files number> <size size> <world-readable | no-world-readable>;flag flag <flag-modifier> <disable>;
}tunnel-services {devices device-names;primary primary-device-name;
}}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-nameprotocols],
[edit routing-instances routing-instance-name protocols]
Release Information Statement introduced before Junos OS Release 7.4.
mac-flush option introduced in Junos OS Release 10.0.
hot-standby-vc-on, import-labeled-routes[ routing-instance-name ], and interface interface
options introduced in Junos OS Release 15.1R2.
Description Configure a virtual private LAN service (VPLS) routing instance.
The remaining statements are explained separately. See CLI Explorer.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Configuring VPLS Routing Instances
429Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
vrf-export
Syntax vrf-export [ policy-names ];
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls mesh-groupmesh-group-name]
[edit routing-instances routing-instance-name][edit routing-instances routing-instance-nameprotocolsvplsmesh-groupmesh-group-name][edit switch-options]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for EX Series switches.
Statement introduced in Junos OS Release 12.3 for ACX Series routers.
Statement introduced in Junos OS Release 14.1X53-D30 for QFX Series switches.
Description Specify how routes are exported from the local PE router’s VRF table
(routing-instance-name.inet.0) to the remote PE router. If the value vrf is specified for
the instance-type statement included in the routing instanceconfiguration, this statement
is required.
You can configure multiple export policies on the PE router or PE switch.
Default If the instance-type is vrf, vrf-export is a required statement. The default action is to
reject.
Options policy-names—Names for the export policies.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Implementing EVPN-VXLAN for Data Centers
• instance-type on page 347
• Configuring Policies for the VRF Table on PE Routers in VPNs
Copyright © 2018, Juniper Networks, Inc.430
Broadband Subscriber ManagementWholesale Feature Guide
vrf-import
Syntax vrf-import [ policy-names ];
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls mesh-groupmesh-group-name]
[edit routing-instances routing-instance-name][edit routing-instances routing-instance-nameprotocolsvplsmesh-groupmesh-group-name][edit switch-options]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for EX Series switches.
Statement introduced in Junos OS Release 14.1X53-D30 for QFX Series switches.
Description Specify how routes are imported into the virtual routing and forwarding (VRF) table
(routing-instance-name.inet.0) of the local provider edge (PE) router or switch from the
remote PE router. If the value vrf is specified for the instance-type statement included in
the routing instance configuration, this statement is required.
You can configure multiple import policies on the PE router or switch.
Default If the instance type is vrf, vrf-import is a required statement. The default action is to
accept.
Options policy-names—Names for the import policies.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
RelatedDocumentation
• Implementing EVPN-VXLAN for Data Centers
• instance-type on page 347
• Configuring Policies for the VRF Table on PE Routers in VPNs
431Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
vrf-target
Syntax vrf-target {community;autoimport community-name;export community-name;
}
Hierarchy Level [edit logical-systems logical-system-name routing-instances routing-instance-name],[edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsl2vpnmesh-groupmesh-group-name],
[edit logical-systems logical-system-name routing-instances routing-instance-nameprotocolsvpls mesh-groupmesh-group-name],
[edit routing-instances routing-instance-name protocols evpn vni-options],[edit routing-instances routing-instance-name protocols l2vpnmesh-groupmesh-group-name],
[edit routing-instances routing-instance-nameprotocolsvplsmesh-groupmesh-group-name],[edit switch-options]
Release Information Statement introduced before Junos OS Release 7.4.
Statement introduced in Junos OS Release 11.1 for EX Series switches.
Statement introduced in Junos OS Release 12.3 for ACX Series routers.
Statement introduced in Junos OS Release 14.1X53-D30 for QFX Series switches. auto
optionwas also added at this time.
Description Specify a virtual routing and forwarding (VRF) target community. If you configure the
community option only, default VRF import and export policies are generated that accept
and tag routes with the specified target community. The purpose of the vrf-target
statement is to simplify the configuration by allowing you to configure most statements
at the [edit routing-instances] hierarchy level. In effect, this statement configures a single
policy for import and a single policy for export to replace the per-VRF policies for every
community.
Youcan still createmore complexpoliciesbyexplicitly configuringVRF import andexport
policies using the import and export options.
Options community—Community name.
auto—Automatically derives the route target (RT) for QFX5100 switches.
import community-name—Allowed communities accepted from neighbors.
export community-name—Allowed communities sent to neighbors.
Required PrivilegeLevel
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Copyright © 2018, Juniper Networks, Inc.432
Broadband Subscriber ManagementWholesale Feature Guide
RelatedDocumentation
• Configuring Policies for the VRF Table on PE Routers in VPNs
• Example: Configuring FEC 129 BGP Autodiscovery for VPWS
433Copyright © 2018, Juniper Networks, Inc.
Chapter 11: Configuration Statements
Copyright © 2018, Juniper Networks, Inc.434
Broadband Subscriber ManagementWholesale Feature Guide
CHAPTER 12
Operational Commands
• clear ancp access-loop
• clear ancp neighbor
• clear dhcp relay binding
• clear dhcp relay statistics
• clear dhcp server binding
• clear dhcp server statistics
• clear dhcpv6 server binding
• clear dhcpv6 server statistics
• clear network-access aaa subscriber
• request ancp oam port-down
• request ancp oam port-up
• request auto-configuration reconnect-pending
• show ancp neighbor
• show auto-configuration out-of-band pending
• show dhcp relay binding
• show dhcp relay statistics
• show dhcp server binding
• show dhcp server statistics
• show dhcpv6 server binding
• show dhcpv6 server statistics
• show interfaces (Aggregated Ethernet)
• show interfaces (Fast Ethernet)
• show interfaces
• show interfaces (Loopback)
• show interfaces (PPPoE)
• show interfaces demux0 (Demux Interfaces)
• show interfaces filters
• show interfaces l2-routing-instance
435Copyright © 2018, Juniper Networks, Inc.
• show interfaces routing
• show interfaces routing-instance
• show network-access aaa statistics
• show network-access aaa statistics authentication
• show network-access aaa subscribers
• show network-access address-assignment pool
• show ppp interface
• show subscribers
• show subscribers summary
• show vpls connections
• show vpls flood event-queue
• show vpls flood instance
• show vpls flood route
• show vpls mac-table
• show vpls statistics
Copyright © 2018, Juniper Networks, Inc.436
Broadband Subscriber ManagementWholesale Feature Guide
clear ancp access-loop
Syntax clear ancp access-loop(neighbor ip-address | subscriber-interface physical-interface-name)circuit-id aciremote-id ariouter-vlan-id vlan-id
Release Information Command introduced in Junos OS Release 16.1R4.
Description Clear theconnection for thesubscriberon thespecifiedaccess loop foranANCP-triggered,
autosensed dynamic VLAN. The autoconfiguration daemon (autoconfd) deletes any
existing cached information about the subscriber. This command simulates a CPE
connection reset as seen when the access node sends a Port Downmessage followed
by a Port Upmessage.
Options aci—ANCP Access-Loop-Circuit-ID TLV that identifies the subscriber-side access looplogical port and partially identifies an access loop to clear.
ari—ANCP Access-Loop-Remote-ID TLV that uniquely identifies the subscriber on theaccess loop and partially identifies an access loop to clear.
ip-address—ANCP neighbor’s IP address that specifies an access loop to clear.
physical-interface-name—Subscriber interface that specifies an access loop to clear.
vlan-id—ANCPAccess-Aggregation-Circuit-ID-BinaryTLV that identifies the logical circuitidentifier on the NAS side and partially identifies an access loop to clear.
Required PrivilegeLevel
clear
RelatedDocumentation
Clearing ANCP Access Loops on page 178•
• TriggeringANCPOAMtoSimulateANCPPortDownandPortUpMessagesonpage 174
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
List of Sample Output clear ancp access-loop on page 438
Output Fields When you enter this command, you are provided no feedback on the status of your
request. You can enter the show ancp neighbor command before and after clearing the
access loop to verify the clear operation.
437Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sample Output
clear ancp access-loop
user@host> clearancp-access-loopneighbor 192.168.25.31circuit-id line-aci-1 remote-id line-ari-1outer-vlan-id 126
Copyright © 2018, Juniper Networks, Inc.438
Broadband Subscriber ManagementWholesale Feature Guide
clear ancp neighbor
Syntax clear ancp neighbor<ip-address ip-address><system-namemac-address>
Release Information Command introduced in Junos OS Release 9.4.
Description Clear the ANCP agent connection with all ANCP neighbors or with the specified ANCP
neighbor. This commanddeletes information for subscribersassociatedwith theneighbor,
causing the adjusted traffic rates to revert to the configured rate for the subscriber
interfaces. The neighbor remains configured (its administrative state is enabled) and can
reestablish adjacencies.
This command initiates logoutofANCP-triggereddynamicVLANsessionson thephysical
interface associated with the specified neighbor; conventionally autosensed dynamic
VLAN sessions and their associated logical interfaces are not affected.
Options none—Clear all ANCP neighbors.
ip-address ip-address—(Optional) Clear theANCPneighbor specified by the IP address.
system-namemac-address—(Optional) Clear the ANCP neighbor specified by theMACaddress.
Required PrivilegeLevel
clear
RelatedDocumentation
show ancp neighbor on page 463•
List of Sample Output clear ancp neighbor on page 439show ancp neighbor on page 439
Output Fields When you enter this command, you are provided no feedback on the status of your
request. You can enter the show ancp neighbor command before and after clearing the
ANCP neighbors to verify the clear operation.
Sample Output
clear ancp neighbor
user@host> clear ancp neighbor
show ancp neighbor
The following sample output displays the connections with ANCP neighbors before and
after the clear ancp neighbor command was issued.
439Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
user@host> show ancp neighbor
IP Address MAC Address State Subscriber Capabilities Count 203.0.113.102 00:00:5e:00:53:10 Established 5 Topo 203.0.113.122 00:00:5e:00:53:12 Established 5 Topo 203.0.113.132 00:00:5e:00:53:13 Established 5 Topo 203.0.113.142 00:00:5e:00:53:14 Established 5 Topo
user@host> clear ancp neighbor ip-address 203.0.113.102
user@host> show ancp neighbor
IP Address MAC Address State Subscriber Capabilities Count 203.0.113.122 00:00:5e:00:53:12 Established 5 Topo 203.0.113.132 00:00:5e:00:53:13 Established 5 Topo 203.0.113.142 00:00:5e:00:53:14 Established 5 Topo
Copyright © 2018, Juniper Networks, Inc.440
Broadband Subscriber ManagementWholesale Feature Guide
clear dhcp relay binding
Syntax clear dhcp relay binding<address><all><dual-stack><interface interface-name><interfaces-vlan><interfaces-wildcard><logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 8.3.
Options all and interface added in Junos OS Release 8.4.
Options interfaces-vlan and interfaces-wildcard added in Junos OS Release 12.1.
Command introduced in Junos OS Release 12.1X48R3 for PTX Series Packet Transport
Routers.
Option dual-stack added in Junos OS Release 15.1.
Description Clear the binding state of a Dynamic Host Configuration Protocol (DHCP) client from
the client table.
Options address—(Optional)Clear thebindingstate for theDHCPclient, usingoneof the followingentries:
• ip-address—The specified IP address.
• mac-address—The specified MAC address.
• session-id—The specified session ID.
all—(Optional) Clear the binding state for all DHCP clients.
dual-stack—(Optional) Clear the binding state for DHCPv4 clients and the associatedDHCPv6 bindings in the single-session DHCP dual stack. DHCPv6 clients created in
a DHCPv6-only stack are not affected.
interface interface-name—(Optional) Clear the binding state for DHCP clients on thespecified interface.
interfaces-vlan—(Optional)Clear thebinding stateon the interfaceVLAN IDandS-VLANID.
interfaces-wildcard—(Optional) The set of interfaces on which to clear bindings. Thisoption supports the use of the wildcard character (*).
logical-system logical-system-name—(Optional) Clear the binding state for DHCPclients on the specified logical system.
routing-instance routing-instance-name—(Optional) Clear the binding state for DHCPclients on the specified routing instance.
441Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Required PrivilegeLevel
view
RelatedDocumentation
Clearing DHCP Bindings for Subscriber Access•
• show dhcp relay binding on page 472
List of Sample Output clear dhcp relay binding on page 442clear dhcp relay binding all on page 442clear dhcp relay binding dual-stack all on page 442clear dhcp relay binding interface on page 443clear dhcp relay binding <interfaces-vlan> on page 443clear dhcp relay binding <interfaces-wildcard> on page 443
Output Fields See show dhcp relay binding for an explanation of output fields.
Sample Output
clear dhcp relay binding
The following sample output displays the address bindings in the DHCP client table
before and after the clear dhcp relay binding command is issued.
user@host> show dhcp relay bindingIP address Hardware address Type Lease expires at198.51.100.32 00:00:5e:00:53:01 active 2007-02-08 16:41:17 EST192.168.14.8 00:00:5e:00:53:02 active 2007-02-10 10:01:06 EST
user@host> clear dhcp relay binding 198.51.100.32
user@host> show dhcp relay bindingIP address Hardware address Type Lease expires at192.168.14.8 00:00:5e:00:53:02 active 2007-02-10 10:01:06 EST
clear dhcp relay binding all
The following command clears all DHCP relay agent bindings:
user@host> clear dhcp relay binding all
clear dhcp relay binding dual-stack all
The following command clears all DHCP relay agent bindings for all DHCPv4 clients and
the associated DHCPv6 bindings in the single-session DHCP dual stack. DHCPv6 clients
created in a DHCPv6-only stack are not affected.
user@host> clear dhcp relay binding dual-stack all
Copyright © 2018, Juniper Networks, Inc.442
Broadband Subscriber ManagementWholesale Feature Guide
clear dhcp relay binding interface
The following command clears DHCP relay agent bindings on a specific interface:
user@host> clear dhcp relay binding interface fe-0/0/3
clear dhcp relay binding <interfaces-vlan>
The following command uses the interfaces-vlan option to clear all DHCP relay agent
bindings on topof the underlying interfaceae0, which clearsDHCPbindings onall demux
VLANs on top of ae0:
user@host> clear dhcp relay binding interface ae0
clear dhcp relay binding <interfaces-wildcard>
The followingcommanduses the interfaces-wildcardoption to clear all DHCP relayagent
bindings over a specific interface:
user@host> clear dhcp relay binding ge-1/0/0.*
443Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
clear dhcp relay statistics
Syntax clear dhcp relay statistics<bulk-leasequery-connections><logical-system logical-system-name><routing-instance routing-instance-name>
Syntax Syntax for EX Series switches:
show dhcp relay statistics<routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 8.3.
Statement introduced in Junos OS Release 12.1 for EX Series switches.
Command introduced in Junos OS Release 12.1X48R3 for PTX Series Packet Transport
Routers.
bulk-leasequery-connections option introduced in Junos OS Release 16.1.
Description Clear all Dynamic Host Configuration Protocol (DHCP) relay statistics.
Options bulk-leasequery-connections—(Optional) Clear bulk leasequery statistics.
logical-system logical-system-name—(Onroutersonly) (Optional)Performthisoperation
on the specified logical system. If youdonot specify a logical systemname, statistics
are cleared for the default logical system.
routing-instance routing-instance-name—(Optional) Perform this operation on the
specified routing instance. If you do not specify a routing instance name, statistics
are cleared for the default routing instance.
Required PrivilegeLevel
view
RelatedDocumentation
show dhcp relay statistics on page 478•
List of Sample Output clear dhcp relay statistics on page 445
Output Fields Table 14 on page 445 lists the output fields for the clear dhcp relay statistics command.
Copyright © 2018, Juniper Networks, Inc.444
Broadband Subscriber ManagementWholesale Feature Guide
Table 14: clear dhcp relay statistics Output Fields
Field DescriptionField Name
Number of packets discarded by the extended DHCP relay agent application due to errors. Onlynonzero statistics appear in the Packets dropped output. When all of the Packets dropped statisticsare 0 (zero), only the Total field appears.
• Total—Total number of packets discarded by the extended DHCP relay agent application.
• Bad hardware address—Number of packets discarded because an invalid hardware address wasspecified.
• Bad opcode—Number of packets discarded because an invalid operation code was specified.
• Bad options—Number of packets discarded because invalid options were specified.
• Invalidserveraddress—Numberofpacketsdiscardedbecausean invalid serveraddresswasspecified.
• Lease Time Violation—Number of packets discarded because of a lease time violation
• No available addresses—Number of packets discarded because there were no addresses availablefor assignment.
• No interfacematch—Number of packets discarded because they did not belong to a configuredinterface.
• Norouting instancematch—Numberofpacketsdiscardedbecause theydidnotbelong toaconfiguredrouting instance.
• No valid local address—Number of packets discarded because there was no valid local address.
• Packet too short—Number of packets discarded because they were too short.
• Read error—Number of packets discarded because of a system read error.
• Send error—Number of packets that the extended DHCP relay application could not send.
• Option60—Number of packets discarded containingDHCPoption 60 vendor-specific information.
• Option82—NumberofpacketsdiscardedbecauseDHCPoption82 informationcouldnotbeadded.
Packets dropped
Number of DHCPmessages received.
• BOOTREQUEST—Number of BOOTP protocol data units (PDUs) received
• DHCPDECLINE—Number of DHCP PDUs of type DECLINE received
• DHCPDISCOVER—Number of DHCP PDUs of type DISCOVER received
• DHCPINFORM—Number of DHCP PDUs of type INFORM received
• DHCPRELEASE—Number of DHCP PDUs of type RELEASE received
• DHCPREQUEST—Number of DHCP PDUs of type REQUEST received
Messages received
Number of DHCPmessages sent.
• BOOTREPLY—Number of BOOTP PDUs transmitted
• DHCPOFFER—Number of DHCP OFFER PDUs transmitted
• DHCPACK—Number of DHCP ACK PDUs transmitted
• DHCPNACK—Number of DHCP NACK PDUs transmitted
Messages sent
Sample Output
clear dhcp relay statistics
The following sample output displays theDHCP relay statistics before and after the clear
dhcp relay statistics command is issued.
445Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
user@host> show dhcp relay statisticsPackets dropped: Total 1 Lease Time Violated 1
Messages received: BOOTREQUEST 116 DHCPDECLINE 0 DHCPDISCOVER 11 DHCPINFORM 0 DHCPRELEASE 0 DHCPREQUEST 105
Messages sent: BOOTREPLY 44 DHCPOFFER 11 DHCPACK 11 DHCPNAK 11
user@host> clear dhcp relay statistics
user@host> show dhcp relay statisticsPackets dropped: Total 0
Messages received: BOOTREQUEST 0 DHCPDECLINE 0 DHCPDISCOVER 0 DHCPINFORM 0 DHCPRELEASE 0 DHCPREQUEST 0
Messages sent: BOOTREPLY 0 DHCPOFFER 0 DHCPACK 0 DHCPNAK 0
Copyright © 2018, Juniper Networks, Inc.446
Broadband Subscriber ManagementWholesale Feature Guide
clear dhcp server binding
Syntax clear dhcp server binding<address><all><interface interface-name><interfaces-vlan><interfaces-wildcard><logical-system logical-system-name><routing-instance routing-instance-name><dual-stack>
Release Information Command introduced in Junos OS Release 9.0.
Options interfaces-vlan and interfaces-wildcard added in Junos OS Release 12.1.
Command updated with dual-stack statement in Junos OS Release 17.3.
Description Clear the binding state of a Dynamic Host Configuration Protocol (DHCP) client from
the client table on the extended DHCP local server.
NOTE: If you delete the DHCP server configuration, DHCP server bindingsmight still remain. To ensure thatDHCPbindings are removed, issue the clear
dhcpserverbindingcommandbeforeyoudeletetheDHCPserverconfiguration.
Options address—(Optional)Clear thebindingstate for theDHCPclient, usingoneof the followingentries:
• ip-address—The specified IP address.
• mac-address—The specified MAC address.
• session-id—The specified session ID.
all—(Optional) Clear the binding state for all DHCP clients.
interface interface-name—(Optional) Clear the binding state for DHCP clients on thespecified interface.
NOTE: This option clears all bindings whose initial login requests werereceived over the specified interface. Dynamic demux login requests arenot receivedover thedynamicdemux interface, but rather theunderlyinginterface of the dynamic demux interface. To clear a specific dynamicdemux interface, use the ip-address ormac-address options.
447Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
interfaces-vlan—(Optional)Clear thebinding stateon the interfaceVLAN IDandS-VLANID.
interfaces-wildcard—(Optional)Clearbindingsonasetof interfaces.Thisoptionsupportsthe use of the wildcard character (*).
logical-system logical-system-name—(Optional) Clear the binding state for DHCPclients on the specified logical system.
routing-instance routing-instance-name—(Optional) Clear the binding state for DHCPclients on the specified routing instance.
dual-stack—(Optional) Remove either both arms or single arm of dual-stack.
NOTE:
• The dual-stack command is added in the syntax removes both arms
of the dual-stack with a single command entry.
• When the dual-stack command is not added in the syntax, the clear
dhcpv6 server binding command clears only the family specific arm of
the dual-stack.
Required PrivilegeLevel
view
RelatedDocumentation
Clearing DHCP Bindings for Subscriber Access•
• show dhcp server binding on page 482
List of Sample Output clear dhcp server binding <ip-address> on page 448clear dhcp server binding all on page 449clear dhcp server binding interface on page 449clear dhcp server binding <interfaces-vlan> on page 449clear dhcp server binding <interfaces-wildcard> on page 449clear dhcp server binding dual-stack all on page 449
Output Fields See show dhcp server binding for an explanation of output fields.
Sample Output
clear dhcp server binding <ip-address>
The following sample output displays the address bindings in the DHCP client table on
the extended DHCP local server before and after the clear dhcp server binding command
is issued.
user@host> show dhcp server binding
Copyright © 2018, Juniper Networks, Inc.448
Broadband Subscriber ManagementWholesale Feature Guide
2 clients, (0 bound, 0 selecting, 0 renewing, 0 rebinding)
IP address Hardware address Type Lease expires at198.51.100.1 00:00:5e:00:53:01 active 2007-01-17 11:38:47 PST198.51.100.3 00:00:5e:00:53:02 active 2007-01-17 11:38:41 PST
user@host> clear dhcp server binding 198.51.100.1
user@host> show dhcp server binding
1 clients, (0 bound, 0 selecting, 0 renewing, 0 rebinding)
IP address Hardware address Type Lease expires at198.51.100.3 00:00:5e:00:53:02 active 2007-01-17 11:38:41 PST
clear dhcp server binding all
The following command clears all DHCP local server bindings:
user@host> clear dhcp server binding all
clear dhcp server binding interface
The following command clears DHCP local server bindings on a specific interface:
user@host> clear dhcp server binding interface fe-0/0/2
clear dhcp server binding <interfaces-vlan>
The following command uses the interfaces-vlan option to clear all DHCP local server
bindings on topof the underlying interfaceae0, which clearsDHCPbindings onall demux
VLANs on top of ae0:
user@host> clear dhcp server binding ae0
clear dhcp server binding <interfaces-wildcard>
The followingcommanduses the interfaces-wildcardoption toclearallDHCP local server
bindings over a specific interface:
user@host> clear dhcp server binding ge-1/0/0.*
clear dhcp server binding dual-stack all
The following command clears all the dual-stack local server bindings.
user@host> clear dhcp server binding dual-stack all
449Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
clear dhcp server statistics
Syntax clear dhcp server statistics<bulk-leasequery-connections><logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 9.0.
bulk-leasequery-connections option introduced in Junos OS Release 16.1.
Description Clear all extended Dynamic Host Configuration Protocol (DHCP) local server statistics.
Options bulk-leasequery-connections—(Optional) Clear bulk leasequery statistics.
logical-system logical-system-name—(Optional) Clear the statistics for DHCP clientson the specified logical system. If you do not specify a logical system, statistics are
cleared for the default logical system.
routing-instance routing-instance-name—(Optional)Clear thestatistics forDHCPclientson the specified routing instance. If you do not specify a routing instance, statistics
are cleared for the default routing instance.
Required PrivilegeLevel
view
List of Sample Output clear dhcp server statistics on page 450
Output Fields See show dhcp server statistics for an explanation of output fields.
Sample Output
clear dhcp server statistics
The following sample output displays the extended DHCP local server statistics before
and after the clear dhcp server statistics command is issued.
user@host> show dhcp server statisticsPackets dropped: Total 1 Lease Time Violation 1
Messages received: BOOTREQUEST 89163 DHCPDECLINE 0 DHCPDISCOVER 8110 DHCPINFORM 0 DHCPRELEASE 0 DHCPREQUEST 81053
Messages sent: BOOTREPLY 32420 DHCPOFFER 8110
Copyright © 2018, Juniper Networks, Inc.450
Broadband Subscriber ManagementWholesale Feature Guide
DHCPACK 8110 DHCPNAK 8100
user@host> clear dhcp server statistics
user@host> show dhcp server statisticsPackets dropped: Total 0
Messages received: BOOTREQUEST 0 DHCPDECLINE 0 DHCPDISCOVER 0 DHCPINFORM 0 DHCPRELEASE 0 DHCPREQUEST 0
Messages sent: BOOTREPLY 0 DHCPOFFER 0 DHCPACK 0 DHCPNAK 0
451Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
clear dhcpv6 server binding
Syntax clear dhcpv6 server binding<address><all><interface interface-name><interfaces-vlan><interfaces-wildcard><logical-system logical-system-name><routing-instance routing-instance-name><dual-stack>
Release Information Command introduced in Junos OS Release 9.6.
Options interfaces-vlan and interfaces-wildcard added in Junos OS Release 12.1.
Command updated with dual-stack statement in Junos OS Release 17.3.
Description Clear the binding state of a Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
client from the client table on the extended DHCPv6 local server.
Options address—(Optional) Clear the binding state for the DHCPv6 client, using one of thefollowing entries:
• CID—The specified Client ID (CID).
• ipv6-prefix—The specified IPv6 prefix.
• session-id—The specified session ID.
all—(Optional) Clear the binding state for all DHCPv6 clients.
interface interface-name—(Optional) Clear the binding state for DHCPv6 clients on thespecified interface.
interfaces-vlan—(Optional)Clear thebinding stateon the interfaceVLAN IDandS-VLANID.
interfaces-wildcard—(Optional)Clearbindingsonasetof interfaces.Thisoptionsupportsthe use of the wildcard character (*).
logical-system logical-system-name—(Optional) Clear the binding state for DHCPv6clients on the specified logical system.
routing-instance routing-instance-name—(Optional)Clear thebindingstate forDHCPv6clients on the specified routing instance.
dual-stack—(Optional) Remove either both arms or single arm of dual-stack.
Copyright © 2018, Juniper Networks, Inc.452
Broadband Subscriber ManagementWholesale Feature Guide
NOTE:
• The dual-stack command is added in the syntax removes both arms
of the dual-stack with a single command entry.
• When the dual-stack command is not added in the syntax, the clear
dhcpv6 server binding command clears only the family specific arm of
the dual-stack.
Required PrivilegeLevel
clear
RelatedDocumentation
Clearing DHCP Bindings for Subscriber Access•
• show dhcpv6 server binding on page 493
List of Sample Output clear dhcpv6 server binding all on page 453clear dhcpv6 server binding <ipv6-prefix> on page 453clear dhcpv6 server binding interface on page 453clear dhcpv6 server binding <interfaces-vlan> on page 454clear dhcpv6 server binding <interfaces-wildcard> on page 454clear dhcpv6 server binding dual-stack all on page 454
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
clear dhcpv6 server binding all
The following command clears all DHCPv6 local server bindings:
user@host> clear dhcpv6 server binding all
clear dhcpv6 server binding <ipv6-prefix>
The following command clears DHCPv6 local server bindings for a specific IPv6 prefix:
user@host> clear dhcpv6 server binding 14/0x00010001/0x02b3be8f/0x00109400/0x0005
clear dhcpv6 server binding interface
The following command clears DHCPv6 local server bindings on a specific interface:
user@host> clear dhcpv6 server binding interface fe-0/0/2
453Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
clear dhcpv6 server binding <interfaces-vlan>
The following command uses the interfaces-vlan option to clear all DHCPv6 local server
bindings on top of the underlying interface ae0, which clears DHCPv6 bindings on all
demux VLANs on top of ae0:
user@host> clear dhcpv6 server binding interface ae0
clear dhcpv6 server binding <interfaces-wildcard>
The following command uses the interfaces-wildcard option to clear all DHCPv6 local
server bindings over a specific interface:
user@host> clear dhcpv6 server binding ge-1/0/0.*
clear dhcpv6 server binding dual-stack all
The following command clears all the dual-stack local server bindings.
user@host> clear dhcpv6 server binding dual-stack all
Copyright © 2018, Juniper Networks, Inc.454
Broadband Subscriber ManagementWholesale Feature Guide
clear dhcpv6 server statistics
Syntax clear dhcpv6 server statistics<bulk-leasequery-connections><interface interface-name><logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 9.6.
bulk-leasequery-connections option introduced in Junos OS Release 16.1.
Description Clear all extended Dynamic Host Configuration Protocol for IPv6 (DHCPv6) local server
statistics.
Options bulk-leasequery-connections—(Optional) Clear bulk leasequery statistics.
logical-system logical-system-name—(Optional)Clear the statistics forDHCPv6clientson the specified logical system. If you do not specify a logical system, statistics are
cleared for the default logical system.
routing-instance routing-instance-name—(Optional) Clear the statistics for DHCPv6clients on the specified routing instance. If you do not specify a routing instance,
statistics are cleared for the default routing instance.
Required PrivilegeLevel
clear
RelatedDocumentation
show dhcpv6 server statistics on page 499•
List of Sample Output clear dhcpv6 server statistics on page 455
Output Fields When you enter this command, you are provided feedback on the status of your request.
Sample Output
clear dhcpv6 server statistics
user@host> clear dhcpv6 server statistics
455Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
clear network-access aaa subscriber
Syntax clear network-access aaa subscriber<session-id identifier <reconnect>><statistics username username><username username <reconnect>>
Release Information Command introduced in Junos OS Release 9.1.
reconnect and session-id options added in Junos OS Release 16.1R4.
Description ClearAAAsubscriber statisticsand logout subscribers.Youcan logout subscribersbased
on the username or on the subscriber session identifier. Use the session identifier when
more than one session has the same username string.
Options reconnect—(Optional) Reconnect as a Layer 2 wholesale session when the subscribersession has been fully logged out. This option is equivalent to issuing a
RADIUS-initiated disconnect with reconnect semantics; that is, when themessage
includesAcct-Terminate-Cause (RADIUSattribute 49)with a value of callback (16).
You can apply this option to either a Layer 2 wholesale session or a conventionally
auto-sensed dynamic VLAN supporting a PPPoE session.
In the latter case, this option triggers a PPPoE session logout and removal of the
dynamic VLAN logical interface. This is followed by authorization of the access-line
to attempt creation of a dynamic VLAN IFL supporting Layer 2 wholesale session in
its place.
session-id identifier—(Optional) Log out the subscriber based on the subscriber sessionidentifier.
statistics username username—(Optional) Clear AAA subscriber statistics and log outthe subscriber.
username username—(Optional) Log out the AAA subscriber.
Required PrivilegeLevel
maintenance
RelatedDocumentation
Verifying and Managing Subscriber AAA Information•
List of Sample Output clear network-access aaa subscriber statistics username on page 457clear network-access aaa subscriber username on page 457clear network-access aaa subscriber username on page 457
Output Fields When you enter this command, you are provided feedback on the status of your request.
Copyright © 2018, Juniper Networks, Inc.456
Broadband Subscriber ManagementWholesale Feature Guide
Sample Output
clear network-access aaa subscriber statistics username
user@host> clear network-access aaa subscriber statistics username [email protected]
clear network-access aaa subscriber username
user@host> clear network-access aaa subscriber username [email protected]
clear network-access aaa subscriber username
user@host> clear network-access aaa subscriber session-id 18367425
457Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
request ancp oam port-down
Syntax request ancp oam port-down(neighbor ip-address | subscriber-interface physical-interface-name)circuit-id aci remote-id ari outer-vlan-id vlan-id
Release Information Command introduced in Junos OS Release 16.1R4.
Description Simulate an ANCP Port Downmessage on the specified access loop for troubleshooting
or tomitigate anabnormal condition. Triggers removal of the correspondingout-of-band
triggered, autosensed dynamic VLAN session for which no ANCP-sourced information
exists. Youmust specify an ACI, an ARI, and an outer VLAN tag. This command is
overridden by a genuine ANCP Port-Upmessage, meaning that you cannot use this
command to initiate a Port Down condition when the access node has already reported
a Port Up condition.
Options aci—ANCP Access-Loop-Circuit-ID TLV that corresponds to a subscriber interface onthe access node; used to identify the access node fromwhich the message is
simulated.
ari—ANCP Access-Loop-Remote-ID TLV that identifies the subscriber associated withan interface on the access node; used to identify the access node fromwhich the
message is simulated.
ip-address—IP address that specifies the access node fromwhich the message is
simulated.
physical-interface-name—Nameof the access-facing subscriber interface that specifiesthe access node on whose local loop the loopback test is run.
vlan-id—ANCP Access-Aggregation-Circuit-ID-Binary TLV, the outer VLAN tag insertedby the access node on upstream traffic; used to identify the access node fromwhich
the message is simulated.
Required PrivilegeLevel
view
RelatedDocumentation
TriggeringANCPOAMtoSimulateANCPPortDownandPortUpMessagesonpage 174•
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
List of Sample Output request ancp oamport-downneighbor circuit-id remote-id outer-vlan-id onpage459
Output Fields When you enter this command, you are provided no feedback on the status of your
request.Youcanenter the showancpneighbordetail, showsubscribersclient-typevlan-oob
detail, and the show subscribers summary commands before and after initiating the Port
Downmessage to verify the operation.
Copyright © 2018, Juniper Networks, Inc.458
Broadband Subscriber ManagementWholesale Feature Guide
Sample Output
request ancp oam port-down neighbor circuit-id remote-id outer-vlan-id
user@host> request ancp oam port-down neighbor 192.168.25.31 circuit-id line-aci-1 remote-idline-ari-1 outer-vlan-id 126
459Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
request ancp oam port-up
Syntax request ancp oam port-up(neighbor ip-address | subscriber-interface physical-interface-name)circuit-id aci remote-id ari outer-vlan-id vlan-id
Release Information Command introduced in Junos OS Release 16.1R4.
Description Simulate an ANCP Port Upmessage on the specified access loop for troubleshooting or
to mitigate an abnormal condition. Youmust specify an ACI, an ARI, and an outer VLAN
tag. This command is overridden by a genuine ANCP Port Downmessage, meaning that
you cannot use this command to initiate a Port Up condition when the access node has
already reported a Port Down condition.
Options aci—ANCP Access-Loop-Circuit-ID TLV that corresponds to a subscriber interface onthe access node; used to identify the access node fromwhich the message is
simulated.
ip-address—IP address that specifies the access node fromwhich the message is
simulated.
ari—ANCP Access-Loop-Remote-ID TLV that identifies the subscriber associated withan interface on the access node; used to identify the access node fromwhich the
message is simulated.
physical-interface-name—Nameof the access-facing subscriber interface that specifiesthe access node on whose local loop the loopback test is run.
vlan-id—ANCP Access-Aggregation-Circuit-ID-Binary TLV, the outer VLAN tag insertedby the access node on upstream traffic; used to identify the access node fromwhich
the message is simulated.
Required PrivilegeLevel
view
RelatedDocumentation
TriggeringANCPOAMtoSimulateANCPPortDownandPortUpMessagesonpage 174•
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
List of Sample Output request ancp oam port-up neighbor circuit-id remote-id outer-vlan-id on page 461
Output Fields When you enter this command, you are provided no feedback on the status of your
request.Youcanenter the showancpneighbordetail, showsubscribersclient-typevlan-oob
detail, and the show subscribers summary commands before and after initiating the Port
Upmessage to verify the operation.
Copyright © 2018, Juniper Networks, Inc.460
Broadband Subscriber ManagementWholesale Feature Guide
Sample Output
request ancp oam port-up neighbor circuit-id remote-id outer-vlan-id
user@host> request ancp oam port-up neighbor 192.168.25.31 circuit-id line-aci-1 remote-idline-ari-1 outer-vlan-id 126
461Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
request auto-configuration reconnect-pending
Syntax request auto-configuration reconnect-pending
Release Information Command introduced in Junos OS Release 16.1R4.
Description Initiate reestablishment of Layer 2 wholesale sessions that correspond to access lines
that are in the pending state. Ordinarily, the most likely situations with pending sessions
arehandledautomaticallyThis statement is intended tobeusedonlywhenanuncommon
conditionmight prevent automatic reestablishment. This command has no effect when
no pending sessions are present.
Required PrivilegeLevel
view
RelatedDocumentation
Reestablishing Pending Access Line Sessions for Layer 2Wholesale on page 177•
• Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99
List of Sample Output request auto-configuration reconnect-pending on page 462
Output Fields When you enter this command, you are provided no feedback on the status of your
request.Youcanenter the showancpneighbordetail, showsubscribersclient-typevlan-oob
detail, and the show subscribers summary commands before and after initiating the Port
Upmessage to verify the operation.
Sample Output
request auto-configuration reconnect-pending
user@host> request auto-configuration reconnect-pending
Copyright © 2018, Juniper Networks, Inc.462
Broadband Subscriber ManagementWholesale Feature Guide
show ancp neighbor
Syntax show ancp neighbor<brief | detail><ip-address ip-address<system-namemac-address>
Release Information Command introduced in Junos OS Release 9.4.
Description Display informationaboutall ANCPneighborsor the specifiedANCPneighbor, regardless
of operational state.
Options brief | detail—(Optional) Display the specified level of detail.
ip-address ip-address—(Optional) Display information about the neighbor (accessnode) specified by the IP address.
system-namemac-address—(Optional)Display informationabout theneighbor (accessnode) specified by the MAC address.
Required PrivilegeLevel
view
RelatedDocumentation
show ancp cos•
• show ancp subscriber
List of Sample Output show ancp neighbor on page 466show ancp neighbor detail on page 467show ancp neighbor ip-address on page 468show ancp neighbor system-name on page 469
Output Fields Table 15onpage463 lists theoutput fields for the showancpneighbor command.Output
fields are listed in the approximate order in which they appear.
Table 15: show ancp neighbor Output Fields
Level ofOutputField DescriptionField Name
brief detailnone
Version of the ANCP implementation:
• 0x31—General Switch Management Protocol (GSMP) version 3, sub-version 1;ANCP version before RFC 6320, Protocol for Access Node Control Mechanism inBroadband Networks.
• 0x32—ANCP version 1, defined in RFC 6320, Protocol for Access Node ControlMechanism in Broadband Networks.
Version
brief detailnone
IP address of the ANCP neighbor.IP Address
463Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 15: show ancp neighbor Output Fields (continued)
Level ofOutputField DescriptionField Name
brief noneNumber that associates the ANCPmessage with a specific partition.PartId
All levelsOperational state of the ANCP adjacency:
• Configured—The neighbor has been configured, but has never been in theEstablished state. An asterisk (*) is prefixed to the neighbor entry for this state.
• Establishing—Adjacencynegotiations are in progress for theneighbor. Anasterisk(*) is prefixed to the neighbor entry for this state. This state is rarely seenbecausethe adjacency is established so quickly.
• Established—Adjacency negotiations have succeeded for the neighbor and anANCP session has been established.
• Not Estblshed—Not Established; adjacency negotiations are ready to begin.Indicates that this neighbor previously had been in the Established state; that is,it has lost a previously established adjacency. An asterisk (*) is prefixed to theneighbor entry for this state.
State
brief detailnone
How long the adjacency has been up in one of the following formats:
• nwndnh—number of weeks, days, and hours
• nd hh:mm:ss—number of days, hours, minutes, and seconds
Time
brief noneNumber of subscribers associated with the ANCP neighbor (access local loop).Subscriber Count
All levelsNegotiated ANCP capability:
• Topo—Topology discovery.
• OAM—Performance of local Operations Administration Maintenance (OAM)procedures on an access loop controlled by the router.
Capabilities
detailMAC address of the ANCP neighbor.SystemName
detailTCP port on which ANCPmessages are exchanged.TCP Port
detailNumber identifying the ANCP link instance from the edge device’s perspective.System Instance
detailNumber identifying the ANCP instance from the access node’s perspective. Thisnumber is unique and changes when the node or link comes back up after goingdown.
Peer Instance
detailAdjacency timer value advertised by the ANCP peer in 100ms increments; theintervalbetweenANCPACKmessages.This value remainsconstant for thedurationof an ANCP session.
Timer
detailNumber that identifies whether partitions are used and how the ID is negotiated:
• 0—No partition.
• 1—Fixed partition requested.
• 2—Fixed partition assigned.
Partition Type
Copyright © 2018, Juniper Networks, Inc.464
Broadband Subscriber ManagementWholesale Feature Guide
Table 15: show ancp neighbor Output Fields (continued)
Level ofOutputField DescriptionField Name
detailNumber that specifies the type of partition requested: 1 (new adjacency) or 2(recovered adjacency).
Partition Flag
detailNumber that identifies a logical partition of an access node with which the ANCPagent has formed an adjacency.
A value of zero indicates that the agent supports each neighbor on an IP addressover a single TCP sessionwith a partition ID of zero. This is the default support case.
A nonzero value indicates that the agent supports each neighbor on an IP addressover a single TCP session with a nonzero partition ID.
Partition Identifier
detailNumber of adjacencies that share the partition.Partition Adjacencies
detailRemaining period that the edge devicewaits for adjacency packets fromaneighborbefore declaring the neighbor to be down. Themaximum dead time value is threetimes the configured adjacency timer value. This field displays the current valuebased on the time that the last adjacency packet was received.
Dead Timer
detailNumber of synchronization messages received from neighbors to maintainadjacencies.
Received Syn Count
detailNumber of synchronization acknowledgment messages received from neighborsin response to the node’s synchronization messages.
Received Synack Count
detailNumberofmessages received fromneighbors indicating that the link to theneighborneeds to be reset.
Received Rstack Count
detailNumber of acknowledgment messages periodically received from neighbors afteran adjacency has been established.
Received Ack Count
detailNumber of status messages received from neighbors indicating that a port hastransitioned to the up state.
Received Port Up Count
detailNumber of status messages received from neighbors indicating that a port hastransitioned to the down state.
Received Port DownCount
detailNumber of generic responsemessages received from neighbors.Received Generic RespCount
detailNumber of adjacency update messages received from neighbors.Received AdjacencyUpdate Count
detailNumber of OAM responses received from neighbors in reply to request commands.Received OAMCount
detailNumber of all other ANCPmessage packets received from neighbors that do notfit into one of the other categories.
Received Other Count
detailNumber of synchronization messages sent to neighbors to maintain adjacencies.Sent Syn Count
465Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 15: show ancp neighbor Output Fields (continued)
Level ofOutputField DescriptionField Name
detailNumberofsynchronizationacknowledgmentmessagessent toneighbors in responseto the their synchronization messages.
Sent Synack Count
detailNumberofmessages sent toneighbors indicating that the link to theneighbor needsto be reset.
Sent Rstack Count
detailNumber of acknowledgment messages periodically sent to neighbors after anadjacency has been established.
Sent Ack Count
detailNumber of generic responsemessages sent to neighbors.SentGenericRespCount
detailNumber of OAM request commands sent to neighbors.Sent OAMCount
detailNumber of times that the maximum number of discovery table entries acceptedfrom the neighbor has been exceeded.
Max Discovery LimitExceed Count
detailNumber of generic responsemessages sent to neighbors that include each of thefollowing result codes:
• Invalid RequestMessageCount—Aproperly formed requestmessage violated theprotocolbecauseof timing (suchasa racecondition)ordirectionof transmission.
• Specified Port(s) Down Count—One or more of the specified ports are downbecauseofastatemismatchbetween the routerandanANCPcontrol application.
• Out of Resources Count—ANCP is out of resources, probably not related to theaccess lines. This result code is sent only by an access node.
• Request Msg Not Implemented Count—
• MalformedMsgCount—Message ismalformedbecause itwascorrupted in transitor there was an implementation error at either end of the connection.
• TLVMissing Count—One or more mandatory TLVs wasmissing from a request.
• Invalid TLV Contents Count—The contents of one or more TLVs in the request donot match its required specification.
• Non-Existent Port(s) Count—One or more of the ports specified in a request donot exist, possiblybecauseofaconfigurationmismatchbetween theaccessnodeand the router or AAA.
Result Codes
Sample Output
show ancp neighbor
user@host> show ancp neighbor Version IP Address PartID State Time Subscriber Capabilities Count 0x31 203.0.113.13 0 Established 11:24 2 Topo 0x31 203.0.113.15 0 Not Estblshd 2:45 2 Topo* 0x0 198.51.100.102 0 Establishing 0 0
Copyright © 2018, Juniper Networks, Inc.466
Broadband Subscriber ManagementWholesale Feature Guide
* 0x0 192.0.2.0 0 Configured 0 0* 0x0 192.0.2.1 0 Configured 0 0
show ancp neighbor detail
user@host> show ancp neighbor detail Neighbor Information Version : 0x31 IP Address : 192.0.2.85 System Name : 00:00:5e:00:53:01 Up Time : 26 TCP Port : 32666 State : Established Subscriber Count : 4 Capabilities : Topo System Instance : 2 Peer Instance : 20 Adjacency Timer (in 100ms) : 100 Peer Adjacency Timer (in 100ms) : 100 Partition Type : 0 Partition Flag : 1 Partition Identifier : 0 Partition Adjacencies : 0 Dead Timer : 23 Received Syn Count : 1 Received Synack Count : 1 Received Rstack Count : 0 Received Ack Count : 4 Received Port Up Count : 10 Received Port Down Count : 0 Received Generic Resp Count : 0 Received Adjacency Update Count : 0 Received OAM Count : 0 Received Other Count : 0 Sent Syn Count : 1 Sent Synack Count : 2 Sent Rstack Count : 0 Sent Ack Count : 3 Sent Generic Resp Count : 0 Sent OAM Count : 0 Max Discovery Limit Exceed Count : 0 Result Codes: Received Sent Invalid Request Message Count : 0 0 Specified Port(s) Down Count : 0 0 Out of Resources Count : 0 0 Request Msg Not Implemented Count: 0 0 Malformed Msg Count : 0 0 TLV Missing Count : 0 0 Invalid TLV Contents Count : 0 0 Non-Existent Port(s) Count : 0 0
Version : 0x32 IP Address : 192.168.9.1 System Name : 00:00:5e:00:53:02 Up Time : 36 TCP Port : 61408 State : Not Established Subscriber Count : 1 Capabilities : Topology Discovery System Instance : 12
467Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Peer Instance : 1 Adjacency Timer (in 100ms) : 50 Peer Adjacency Timer (in 100ms) : 100 Partition Type : 0 Partition Flag : 1 Partition Identifier : 0 Partition Adjacencies : 0 Dead Timer : 23 Received Syn Count : 24 Received Synack Count : 20 Received Rstack Count : 2 Received Ack Count : 9 Received Port Up Count : 5 Received Port Down Count : 0 Received Generic Resp Count : 0 Received Adjacency Update Count : 0 Received OAM Responses Count : 2 Received Other Count : 0 Sent Syn Count : 20 Sent Synack Count : 24 Sent Rstack Count : 1 Sent Generic Resp Count : 0 Sent Ack Count : 9 Sent OAM Requests Count : 4 Max Discovery Limit Exceed Count : 0 Result Codes: Received Sent Invalid Request Message Count : 0 0 Specified Port(s) Down Count : 0 0 Out of Resources Count : 0 0 Request Msg Not Implemented Count: 0 0 Malformed Msg Count : 0 0 TLV Missing Count : 0 0 Invalid TLV Contents Count : 0 0 Non-Existent Port(s) Count : 0 0
show ancp neighbor ip-address
user@host> show ancp neighbor ip-address 192.0.2.85
Neighbor Information Version : 0x32 IP Address : 192.0.2.85 System Name : 00:00:5e:00:53:ba Up Time : 26 TCP Port : 32666 State : Established Subscriber Count : 4 Capabilities : Topo System Instance : 2 Peer Instance : 20 Adjacency Timer (in 100ms) : 100 Peer Adjacency Timer (in 100ms) : 100 Partition Type : 0 Partition Flag : 1 Partition Identifier : 0 Partition Adjacencies : 0 Dead Timer : 23 Received Syn Count : 1 Received Synack Count : 1 Received Rstack Count : 0 Received Ack Count : 4
Copyright © 2018, Juniper Networks, Inc.468
Broadband Subscriber ManagementWholesale Feature Guide
Received Port Up Count : 10 Received Port Down Count : 0 Received Generic Resp Count : 0 Received Adjacency Update Count : 0 Received OAM Count : 0 Received Other Count : 0 Sent Syn Count : 1 Sent Synack Count : 2 Sent Rstack Count : 0 Sent Ack Count : 3 Sent Generic Resp Count : 0 Sent OAM Count : 0 Max Discovery Limit Exceed Count : 0 Result Codes: Received Sent Invalid Request Message Count : 0 0 Specified Port(s) Down Count : 0 0 Out of Resources Count : 0 0 Request Msg Not Implemented Count: 0 0 Malformed Msg Count : 0 0 TLV Missing Count : 0 0 Invalid TLV Contents Count : 0 0 Non-Existent Port(s) Count : 0 0
show ancp neighbor system-name
user@host> show ancp neighbor 00:00:5e:00:53:ba detail
Neighbor Information Version : 0x31 IP Address : 203.0.113.101 System Name : 00:00:5e:00:53:ba Up Time : 19 TCP Port : 1028 State : Established Subscriber Count : 2 Capabilities : Topology Discovery, OAM System Instance : 1 Peer Instance : 10 Adjacency Timer (in 100ms) : 100 Peer Adjacency Timer (in 100ms) : 250 Partition Type : 0 Partition Flag : 1 Partition Identifier : 0 Partition Adjacencies : 0 Dead Timer : 55 Received Syn Count : 1
Received Synack Count : 1 Received Rstack Count : 0 Received Ack Count : 1 Received Port Up Count : 34 Received Port Down Count : 0 Received Generic Resp Count : 0 Received Adjacency Update Count : 0 Received OAM Responses Count : 2 Received Other Count : 0 Sent Syn Count : 1 Sent Synack Count : 1 Sent Rstack Count : 0 Sent Ack Count : 3 Sent Generic Resp Count : 0
469Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sent OAM Requests Count : 4 Max Discovery Limit Exceed Count : 3 Result Codes: Received Sent Invalid Request Message Count : 0 0 Specified Port(s) Down Count : 0 0 Out of Resources Count : 0 0 Request Msg Not Implemented Count : 0 0 Malformed Msg Count : 0 0 TLV Missing Count : 0 0 Invalid TLV Contents Count : 0 0 Non-Existent Port(s) Count : 0 0
Copyright © 2018, Juniper Networks, Inc.470
Broadband Subscriber ManagementWholesale Feature Guide
show auto-configuration out-of-band pending
Syntax show auto-configuration out-of-band pending
Release Information Command introduced Junos OS Release 16.1R4.
Description Displaya list of access lines thatare in thepending state for each routing instance.Access
lines transition to thependingstatewhen theLayer 2wholesale sessionpassesauthorized
and is assigned to an existing, nondefault routing instance, but profile instantiation to
create the dynamic VLAN logical interface fails.
Required PrivilegeLevel
view
RelatedDocumentation
Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99•
List of Sample Output show auto-configuration out-of-band pending on page 471
Output Fields Table 16 on page 471 lists the output fields for the show auto-configuration out-of-band
pendingcommand.Output fieldsare listed in theapproximateorder inwhich theyappear.
Table 16: show auto-configuration out-of-band pending Output Fields
Field DescriptionField Name
Name of the routing instance for which the pending count is displayed.Routing-Instance
Number of access lines in the routing instance that are in the pending state.Pending count
Sample Output
show auto-configuration out-of-band pending
user@host> show auto-configuration out-of-band pendingRouting-Instance: NSP1Pending count: 12
Routing-Instance: NSP2Pending count: 0
471Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show dhcp relay binding
Syntax show dhcp relay binding<address><brief><detail><interface interface-name><interfaces-vlan><interfaces-wildcard><ip-address | mac-address><logical-system logical-system-name><routing-instance routing-instance-name><summary>
Release Information Command introduced in Junos OS Release 8.3.
Options interface andmac-address added in Junos OS Release 8.4.
Options interfaces-vlan and interfaces-wildcard added in Junos OS Release 12.1.
Command introduced in Junos OS Release 12.1X48R3 for PTX Series Packet Transport
Routers.
Description Display the address bindings in the Dynamic Host Configuration Protocol (DHCP) client
table.
Options address—(Optional) Display DHCP binding information for a specific client identified byone of the following entries:
• ip-address—The specified IP address.
• mac-address—The specified MAC address.
• session-id—The specified session ID.
brief—(Optional) Display brief information about the active client bindings. This is thedefault, and produces the same output as show dhcp relay binding.
detail—(Optional) Display detailed client binding information.
interface interface-name—(Optional) Perform this operation on the specified interface.
You can optionally filter on VLAN ID and SVLAN ID.
interfaces-vlan—(Optional) Show the binding state information on the interface VLAN
ID and S-VLAN ID.
interfaces-wildcard—(Optional) The set of interfaces on which to show binding state
information. This option supports the use of the wildcard character (*).
logical-system logical-system-name—(Optional)Performthisoperationon thespecified
logical system.
routing-instance routing-instance-name—(Optional) Perform this operation on the
specified routing instance.
Copyright © 2018, Juniper Networks, Inc.472
Broadband Subscriber ManagementWholesale Feature Guide
summary—(Optional) Display a summary of DHCP client information.
Required PrivilegeLevel
view
RelatedDocumentation
Clearing DHCP Bindings for Subscriber Access•
• clear dhcp relay binding on page 441
List of Sample Output show dhcp relay binding on page 475show dhcp relay binding detail on page 475show dhcp relay binding interface on page 475show dhcp relay binding interface vlan-id on page 476show dhcp relay binding interface svlan-id on page 476show dhcp relay binding ip-address on page 476show dhcp relay bindingmac-address on page 476show dhcp relay binding session-id on page 476show dhcp relay binding <interfaces-vlan> on page 476show dhcp relay binding <interfaces-wildcard> on page 476show dhcp relay binding summary on page 477
Output Fields Table 17 on page 473 lists the output fields for the show dhcp relay binding command.
Output fields are listed in the approximate order in which they appear.
Table 17: show dhcp relay binding Output Fields
Level ofOutputField DescriptionField Name
summarySummary counts of the total number of DHCP clients and thenumber of DHCP clients in each state.
number clients,(number init, number bound,numberselecting,number requesting,numberrenewing, number rebinding, numberreleasing)
brief detailIP address of the DHCP client.IP address
brief detailSession ID of the subscriber session.Session Id
detailRemote ID generated by the Option 82 Agent Remote ID(suboption 1)
Generated Remote ID
brief detailHardware address of the DHCP client.Hardware address
brief detailNumber of seconds in which the lease expires.Expires
473Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 17: show dhcp relay binding Output Fields (continued)
Level ofOutputField DescriptionField Name
brief detailState of the DHCP relay address binding table on the DHCPclient:
• BOUND—Client has an active IP address lease.
• INIT—Initial state.
• REBINDING—Client is broadcasting a request to renew theIP address lease.
• RELEASE—Client is releasing the IP address lease.
• RENEWING—Client is sending a request to renew the IPaddress lease.
• REQUESTING—Client is requesting a DHCP server.
• SELECTING—Client is receiving offers from DHCP servers.
State
briefIncoming client interface.Interface
detailDate and time at which the client’s IP address lease expires.Lease Expires
detailNumber of seconds in which the lease expires.Lease Expires in
detailDate and time at which the client’s IP address lease started.Lease Start
detailLease time violation has occurred.Lease time violated
detailClient’s incoming interface.Incoming Client Interface
detailIP address of the DHCP server.Server IP Address
detailInterface of the DHCP server.Server Interface
detailIP address of BOOTP relay.Bootp Relay Address
All levelsType of DHCP packet processing performed on the router:
• active—Router actively processes and relays DHCP packets.
• passive—Router passively snoops DHCP packets passingthrough the router.
Type
All levelsDate and time at which the client’s IP address lease expires.Lease expires at
detailName of dual stack that is configured with the DHCP binding.Dual Stack Group
detailPrefix of dual stack DHCPv6 peer.Dual Stack Peer Prefix
detailAddress of the dual stack DHCPv6 peer.Dual Stack Peer Address
Copyright © 2018, Juniper Networks, Inc.474
Broadband Subscriber ManagementWholesale Feature Guide
Sample Output
show dhcp relay binding
user@host> show dhcp relay bindingIP address Session Id Hardware address Expires State Interface198.51.100.11 41 00:00:5e:00:53:01 86371 BOUND ge-1/0/0.0
198.51.100.12 42 00:00:5e:00:53:02 86371 BOUND ge-1/0/0.0
198.51.100.13 43 00:00:5e:00:53:03 86371 BOUND ge-1/0/0.0
198.51.100.14 44 00:00:5e:00:53:04 86371 BOUND ge-1/0/0.0
198.51.100.15 45 00:00:5e:00:53:05 86371 BOUND ge-1/0/0.0
show dhcp relay binding detail
user@host> show dhcp relay binding detail
Client IP Address: 198.51.100.11 Hardware Address: 00:00:5e:00:53:01 State: BOUND(DHCP_RELAY_STATE_BOUND_ON_INTF_DELETE) Lease Expires: 2009-07-21 11:00:06 PDT Lease Expires in: 86361 seconds Lease Start: 2009-07-20 11:00:06 PDT Lease time violated: yes Last Packet Received: 2009–07–20 11:00:06 PDT Incoming Client Interface: ge-1/0/0.0 Server Ip Address: 198.51.100.22 Server Interface: none Bootp Relay Address: 198.51.100.32 Session Id: 41 Dual Stack Group: dual-stack-retail6 Dual Stack Peer Prefix: 2001:db8:0:4::/64 Dual Stack Peer Address: 2001:db8:1:0:8003::1/128
Client IP Address: 198.51.100.12 Hardware Address: 00:00:5e:00:53:02 State: BOUND(DHCP_RELAY_STATE_BOUND_ON_INTF_DELETE) Lease Expires: 2009-07-21 11:00:06 PDT Lease Expires in: 86361 seconds Lease Start: 2009-07-20 11:00:06 PDT Last Packet Received: 2009–07–20 11:00:06 PDT Incoming Client Interface: ge-1/0/0.0 Server Ip Address: 198.51.100.22 Server Interface: none Bootp Relay Address: 198.51.100.32 Session Id: 42 Generated Remote ID host:ge-1/0/0:100
show dhcp relay binding interface
user@host> show dhcp relay binding interface fe-0/0/2
IP address Hardware address Type Lease expires at198.51.100.1 00:00:5e:00:53:01 active 2007-03-27 15:06:20 EDT
475Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show dhcp relay binding interface vlan-id
user@host> show dhcp relay binding interface ge-1/1/0:100
IP address Session Id Hardware address Expires State Interface198.51.100.15 6 00:00:5e:00:53:94 86124 BOUND ge-1/1/0:100
show dhcp relay binding interface svlan-id
user@host> show dhcp relay binding interface ge-1/1/0:10-100
IP address Session Id Hardware address Expires State Interface198.51.100.16 7 00:00:5e:00:53:92 86124 BOUND ge-1/1/0:10-100
show dhcp relay binding ip-address
user@host> show dhcp relay binding 198.51.100.13IP address Session Id Hardware address Expires State Interface198.51.100.13 43 00:00:5e:00:53:03 86293 BOUND ge-1/0/0.0
show dhcp relay bindingmac-address
user@host> show dhcp relay binding 00:00:5e:00:53:05IP address Session Id Hardware address Expires State Interface198.51.100.15 45 00:00:5e:00:53:05 86279 BOUND ge-1/0/0.0
show dhcp relay binding session-id
user@host> show dhcp relay binding 41 IP address Session Id Hardware address Expires State Interface198.51.100.11 41 00:00:5e:00:53:53 86305 BOUND ge-1/0/0.0
show dhcp relay binding <interfaces-vlan>
user@host> show dhcp relay binding ge-1/0/0:100-200IP address Session Id Hardware address Expires State Interface192.168.0.17 42 00:00:5e:00:53:02 86346 BOUND ge-1/0/0.1073741827 192.168.0.16 41 00:00:5e:00:53:01 86346 BOUND ge-1/0/0.1073741827
show dhcp relay binding <interfaces-wildcard>
user@host> show dhcp relay binding ge-1/3/*IP address Session Id Hardware address Expires State Interface192.168.0.9 24 00:00:5e:00:53:04 86361 BOUND ge-1/3/0.110 192.168.0.8 23 00:00:5e:00:53:03 86361 BOUND ge-1/3/0.110 192.168.0.7 22 00:00:5e:00:53:02 86361 BOUND ge-1/3/0.110
Copyright © 2018, Juniper Networks, Inc.476
Broadband Subscriber ManagementWholesale Feature Guide
show dhcp relay binding summary
user@host> show dhcp relay binding summary3 clients, (2 init, 1 bound, 0 selecting, 0 requesting, 0 renewing, 0 rebinding, 0 releasing)
477Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show dhcp relay statistics
Syntax show dhcp relay statistics<bulk-leasequery-connections><logical-system logical-system-name><routing-instance routing-instance-name>
Syntax Syntax for EX Series switches:
show dhcp relay statistics<routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 8.3.
Command introduced in Junos OS Release 12.1 for EX Series switches.
Command introduced in Junos OS Release 12.1X48R3 for PTX Series Packet Transport
Routers.
bulk-leasequery-connections option introduced in Junos OS Release 16.1.
Description Display Dynamic Host Configuration Protocol (DHCP) relay statistics.
Options bulk-leasequery-connections—(Optional) Display information about bulk leasequeryoperations.
logical-system logical-system-name—(Onroutersonly) (Optional)Performthisoperation
on the specified logical system. If youdonot specify a logical systemname, statistics
are displayed for the default logical system.
routing-instance routing-instance-name—(Optional) Perform this operation on the
specified routing instance. If you do not specify a routing instance name, statistics
are displayed for the default routing instance.
Required PrivilegeLevel
view
RelatedDocumentation
clear dhcp relay statistics on page 444•
List of Sample Output show dhcp relay statistics on page 480show dhcp relay statistics bulk-leasequery-connections on page 481
Output Fields Table 18 on page 479 lists the output fields for the show dhcp relay statistics command.
Output fields are listed in the approximate order in which they appear.
Copyright © 2018, Juniper Networks, Inc.478
Broadband Subscriber ManagementWholesale Feature Guide
Table 18: show dhcp relay statistics Output Fields
Field DescriptionField Name
Number of packets discarded by the extended DHCP relay agent application due to errors. Onlynonzero statistics appear in the Packets dropped output. When all of the Packets dropped statisticsare 0 (zero), only the Total field appears.
• Total—Total number of packets discarded by the extended DHCP relay agent application.
• Bad hardware address—Number of packets discarded because an invalid hardware address wasspecified.
• Bad opcode—Number of packets discarded because an invalid operation code was specified.
• Bad options—Number of packets discarded because invalid options were specified.
• Invalidserveraddress—Numberofpacketsdiscardedbecausean invalid serveraddresswasspecified.
• Lease Time Violation—Number of packets discarded because of a lease time violation
• No available addresses—Number of packets discarded because there were no addresses availablefor assignment.
• No interfacematch—Number of packets discarded because they did not belong to a configuredinterface.
• Norouting instancematch—Numberofpacketsdiscardedbecause theydidnotbelong toaconfiguredrouting instance.
• No valid local address—Number of packets discarded because there was no valid local address.
• Packet too short—Number of packets discarded because they were too short.
• Read error—Number of packets discarded because of a system read error.
• Send error—Number of packets that the extended DHCP relay application could not send.
• Option60—Number of packets discarded containingDHCPoption 60 vendor-specific information.
• Option82—NumberofpacketsdiscardedbecauseDHCPoption82 informationcouldnotbeadded.
Packets dropped
Number of DHCPmessages received.
• BOOTREQUEST—Number of BOOTP protocol data units (PDUs) received
• DHCPDECLINE—Number of DHCP PDUs of type DECLINE received
• DHCPDISCOVER—Number of DHCP PDUs of type DISCOVER received
• DHCPINFORM—Number of DHCP PDUs of type INFORM received
• DHCPRELEASE—Number of DHCP PDUs of type RELEASE received
• DHCPREQUEST—Number of DHCP PDUs of type REQUEST received
• DHCPLEASEACTIVE—Number of active DHCP leases
• DHCPLEASEUNASSIGNED—Number of DHCP leases that are managed by the server but have notyet been assigned
• DHCPLEASEUNKNOWN—Number of unknown DHCP leases
• DHCPLEASEQUERYDONE—The leasequery is complete
Messages received
Number of DHCPmessages sent.
• BOOTREPLY—Number of BOOTP PDUs transmitted
• DHCPOFFER—Number of DHCP OFFER PDUs transmitted
• DHCPACK—Number of DHCP ACK PDUs transmitted
• DHCPNACK—Number of DHCP NACK PDUs transmitted
• DHCPFORCERENEW—Number of DHCP FORCERENEWPDUs transmitted
• DHCPLEASEQUERY—Number of DHCP leasequery messages transmitted
• DHCPLEASEBULKLEASEQUERY—Number of DHCP bulk leasequery messages transmitted
Messages sent
479Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 18: show dhcp relay statistics Output Fields (continued)
Field DescriptionField Name
State of the external DHCP server responsiveness.External ServerResponse
Number of packets forwarded.
• BOOTREQUEST—Number of BOOTREQUEST protocol data units (PDUs) forwarded
• BOOTREPLY—Number of BOOTREPLY protocol data units (PDUs) forwarded
Packets forwarded
State of the external DHCP server responsiveness.External ServerResponse
Total numberof serverswithwhich theDHCP relayagent has requestedabulk leasequery connection.Total RequestedServers
Total number of servers with which the DHCP relay agent has attempted to create a bulk leasequeryconnection.
Total AttemptedServers
Total number of servers that have formed a bulk leasequery connection with the DHCP relay agent.Total Connected
Total number of servers that have terminated a bulk leasequery connection with the DHCP relayagent.
Total Terminated byServer
Total number of servers where the DHCP relay agent reached themaximum retry limit when itattempted to create a bulk leasequery connection.
Total Max Attempted
Total number of bulk leasequery connections that closed due to an internal error on the DHCP relayagent.
Total Closed due toErrors
Number of current bulk leasequery connections on the DHCP relay agent.In-Flight Connected
Number of bulk leasequery reply packets that the DHCP relay agent has retried.BulkLeaasequeryReplyPacket Retries
Sample Output
show dhcp relay statistics
user@host> show dhcp relay statisticsPackets dropped: Total 34 Bad hardware address 1 Bad opcode 1 Bad options 3 Invalid server address 5 Lease Time Violation 1 No available addresses 1 No interface match 2 No routing instance match 9 No valid local address 4 Packet too short 2 Read error 1
Copyright © 2018, Juniper Networks, Inc.480
Broadband Subscriber ManagementWholesale Feature Guide
Send error 1 Option 60 1 Option 82 2
Messages received: BOOTREQUEST 116 DHCPDECLINE 0 DHCPDISCOVER 11 DHCPINFORM 0 DHCPRELEASE 0 DHCPREQUEST 105 DHCPLEASEACTIVE 0 DHCPLEASEUNASSIGNED 0 DHCPLEASEUNKNOWN 0 DHCPLEASEQUERYDONE 0
Messages sent: BOOTREPLY 0 DHCPOFFER 2 DHCPACK 1 DHCPNAK 0 DHCPFORCERENEW 0 DHCPLEASEQUERY 0 DHCPBULKLEASEQUERY 0
Packets forwarded: Total 4 BOOTREQUEST 2 BOOTREPLY 2
External Server Response: State Responding
show dhcp relay statistics bulk-leasequery-connections
user@host> show dhcp relay statistics bulk-leasequery-connections
Total Requested Servers: 0Total Attempted Servers: 0Total Connected: 0Total Terminated by Server: 0Total Max Attempted: 0Total Closed due to Errors: 0In-Flight Connected: 0Bulk Leasequery Reply Packet Retries: 0
481Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show dhcp server binding
Syntax show dhcp server binding<address><interfaces-vlan><brief | detail | summary><interface interface-name><interfaces-vlan><interfaces-wildcard><logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 9.0.
Options interfaces-vlan and interfaces-wildcard added in Junos OS Release 12.1.
Description Display the address bindings in the client table on the extended Dynamic Host
Configuration Protocol (DHCP) local server.
NOTE: If you delete the DHCP server configuration, DHCP server bindingsmight still remain. To ensure thatDHCPbindings are removed, issue the clear
dhcpserverbindingcommandbeforeyoudeletetheDHCPserverconfiguration.
Options address—(Optional) Display DHCP binding information for a specific client identified byone of the following entries:
• ip-address—The specified IP address.
• mac-address—The specified MAC address.
• session-id—The specified session ID.
brief | detail | summary—(Optional) Display the specified level of output about activeclient bindings. The default is brief, which produces the same output as show dhcp
server binding.
interface interface-name—(Optional) Display information about active client bindingson the specified interface. You can optionally filter on VLAN ID and SVLAN ID.
interfaces-vlan—(Optional) Show the binding state information on the interface VLAN
ID and S-VLAN ID.
interfaces-wildcard—(Optional) The set of interfacesonwhich to show thebinding state
information. This option supports the use of the wildcard character (*).
logical-system logical-system-name—(Optional)Display informationaboutactiveclientbindings for DHCP clients on the specified logical system.
routing-instance routing-instance-name—(Optional) Display information about activeclient bindings for DHCP clients on the specified routing instance.
Copyright © 2018, Juniper Networks, Inc.482
Broadband Subscriber ManagementWholesale Feature Guide
Required PrivilegeLevel
view
RelatedDocumentation
Clearing DHCP Bindings for Subscriber Access•
• Verifying and Managing Agent Circuit Identifier-Based Dynamic VLAN Configuration
• clear dhcp server binding on page 447
List of Sample Output show dhcp server binding on page 486show dhcp server binding detail on page 486show dhcp server binding detail (ACI Interface Set Configured) on page 487show dhcp server binding interface <vlan-id> on page 487show dhcp server binding interface <svlan-id> on page 487show dhcp server binding <ip-address> on page 487show dhcp server binding <session-id> on page 488show dhcp server binding summary on page 488show dhcp server binding <interfaces-vlan> on page 488show dhcp server binding <interfaces-wildcard> on page 488
Output Fields Table 19 on page 483 lists the output fields for the show dhcp server binding command.
Output fields are listed in the approximate order in which they appear.
Table 19: show dhcp server binding Output Fields
Level of OutputField DescriptionField Name
summarySummary counts of the total number of DHCP clients andthe number of DHCP clients in each state.
number clients,(number init,number bound,number selecting,number requesting,number renewing,number releasing)
briefdetail
IP address of the DHCP client.IP address
briefdetail
Session ID of the subscriber session.Session Id
briefdetail
Hardware address of the DHCP client.Hardware address
briefdetail
Number of seconds in which lease expires.Expires
483Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 19: show dhcp server binding Output Fields (continued)
Level of OutputField DescriptionField Name
briefdetail
State of the address binding table on the extended DHCPlocal server:
• BOUND—Client has active IP address lease.
• FORCERENEW—Clienthas received forcerenewmessagefrom server.
• INIT—Initial state.
• RELEASE—Client is releasing IP address lease.
• RENEWING—Client sending request to renew IPaddresslease.
• REQUESTING—Client requesting a DHCP server.
• SELECTING—Client receiving offers from DHCP servers.
State
briefInterface on which the request was received.Interface
detailDateand timeatwhich theclient’s IPaddress leaseexpires.Lease Expires
detailNumber of seconds in which lease expires.Lease Expires in
detailDateand timeatwhich theclient’s IPaddress lease started.Lease Start
detailLease time violation has occurred.Lease time violated
detailDate and time atwhich the router received the last packet.Last Packet Received
detailClient’s incoming interface.Incoming Client Interface
detailS-VLAN ID of the client’s incoming interface.Client Interface Svlan Id
detailVLAN ID of the client’s incoming interface.Client Interface Vlan Id
detailName of the IP demultiplexing (demux) interface.Demux Interface
detailIP address of DHCP server.Server IP Address or Server Identifier
detailInterface of DHCP server.Server Interface
detailName of address pool used to assign client IP addresslease.
Client Pool Name
Copyright © 2018, Juniper Networks, Inc.484
Broadband Subscriber ManagementWholesale Feature Guide
Table 19: show dhcp server binding Output Fields (continued)
Level of OutputField DescriptionField Name
detailState of the liveness detection status for a subscriber’sBidirectional ForwardingDetection (BFD)protocol session:
NOTE: Thisoutput fielddisplaysstatusonlywhen livenessdetection has been explicitly configured for a subscriberand the liveness detection protocol is actively functioningfor that subscriber.
• DOWN—Liveness detection has been enabled for asubscriber but the broadband network gateway (BNG)detects that the liveness detection session for the BFDprotocol is in the DOWN state.
A liveness detection session that was previously in anUP state has transitioned to a DOWN state, beginningwith a liveness detection failure, and ending with thedeletionof theclientbinding.TheDOWNstate is reportedonly during this transition period of time.
• UNKNOWN—Liveness detection has been enabled for asubscriber but the actual liveness detection state hasnot yet been determined.
TheUNKNOWNstate is reportedafteraDHCPsubscriberinitially logs in while the underlying liveness detectionprotocol handshake, such as BFD, is still processing andthe BFD session has not yet reached the UP state.
• UP—Liveness detection has been enabled for asubscriber, and theBNGand thesubscriberor clienthaveboth determined that the liveness detection session forthe BFD protocol is in the UP state.
• WENT_DOWN—State is functionally equivalent to theDOWN state. A liveness detection session that waspreviously in an UP state has transitioned to a DOWNstate implying a liveness detection failure.
TheWENT_DOWN state applies to the internaldistribution of the liveness detection mechanismbetween the Junos DHCP Daemon for SubscriberServices (JDHCPd), the BFD plug-in within theBroadband Edge Subscriber Management Daemon(BBE-SMGD), and the Packet Forwarding Engine.
Liveness Detection State
detailInternally generated name of the dynamic agent circuitidentifier (ACI) interface set.
ACI Interface Set Name
detailIndex number of the dynamic ACI interface set.ACI Interface Set Index
detailIdentifier of the dynamic ACI interface set entry in thesession database.
ACI Interface Set Session ID
detailDHCP client profile name.Client Profile Name
detailDHCP server profile name.Dual Stack Group
detailIPv6 prefix of peer.Dual Stack Peer Prefix
485Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 19: show dhcp server binding Output Fields (continued)
Level of OutputField DescriptionField Name
detailIPv6 address of peer.Dual Stack Peer Address
Sample Output
show dhcp server binding
user@host> show dhcp server bindingIP address Session Id Hardware address Expires State Interface198.51.100.15 6 00:00:5e:00:53:01 86180 BOUND ge-1/0/0.0
198.51.100.16 7 00:00:5e:00:53:02 86180 BOUND ge-1/0/0.0
198.51.100.17 8 00:00:5e:00:53:03 86180 BOUND ge-1/0/0.0
198.51.100.18 9 00:00:5e:00:53:04 86180 BOUND ge-1/0/0.0
198.51.100.19 10 00:00:5e:00:53:05 86180 BOUND ge-1/0/0.0
show dhcp server binding detail
user@host> show dhcp server binding detailClient IP Address: 198.51.100.15 Hardware Address: 00:00:5e:00:53:01 State: BOUND(LOCAL_SERVER_STATE_BOUND_ON_INTF_DELETE)
Lease Expires: 2009-07-21 10:10:25 PDT Lease Expires in: 86151 seconds Lease Start: 2009-07-20 10:10:25 PDT Incoming Client Interface: ge-1/0/0.0 Server Ip Address: 198.51.100.9 Server Interface: none Session Id: 6 Client Pool Name: 6 Liveness Detection State: UP Client IP Address: 198.51.100.16 Hardware Address: 00:00:5e:00:53:02 State: BOUND(LOCAL_SERVER_STATE_BOUND_ON_INTF_DELETE)
Lease Expires: 2009-07-21 10:10:25 PDT Lease Expires in: 86151 seconds Lease Start: 2009-07-20 10:10:25 PDT Lease time violated: yes Incoming Client Interface: ge-1/0/0.0 Server Ip Address: 198.51.100.9 Server Interface: none Session Id: 7 Client Pool Name: 7 Liveness Detection State: UP
When DHCP binding is configured with dual-stack, we get the following output:
user@host> show dhcp server binding detailClient IP Address: 100.20.0.10 Hardware Address: 00:00:64:03:01:02 State: BOUND(LOCAL_SERVER_STATE_BOUND)
Copyright © 2018, Juniper Networks, Inc.486
Broadband Subscriber ManagementWholesale Feature Guide
Protocol-Used: DHCP Lease Expires: 2016-11-07 08:30:39 PST Lease Expires in: 43706 seconds Lease Start: 2016-11-04 11:00:37 PDT Last Packet Received: 2016-11-06 09:00:39 PST Incoming Client Interface: ae0.3221225472 Client Interface Svlan Id: 2000 Client Interface Vlan Id: 1 Server Ip Address: 100.20.32.2 Session Id: 2 Client Pool Name: my-v4-pool Client Profile Name: dhcp-retail Dual Stack Group: my-dual-stack Dual Stack Peer Prefix: 3ffe:ffff:0:4::/64 Dual Stack Peer Address: 3000:0:0:8003::1/128
show dhcp server binding detail (ACI Interface Set Configured)
user@host> show dhcp server binding detailClient IP Address: 198.51.100.14 Hardware Address: 00:00:5e:00:53:02 State: BOUND(LOCAL_SERVER_STATE_BOUND) Lease Expires: 2012-03-13 09:53:32 PDT Lease Expires in: 82660 seconds Lease Start: 2012-03-12 10:23:32 PDT Last Packet Received: 2012-03-12 10:23:32 PDT Incoming Client Interface: demux0.1073741827 Client Interface Svlan Id: 1802 Client Interface Vlan Id: 302 Demux Interface: demux0.1073741832 Server Identifier: 198.51.100.202 Session Id: 11 Client Pool Name: poolA Client Profile Name: DEMUXprofile Liveness Detection State: UP ACI Interface Set Name: aci-1002-demux0.1073741827 ACI Interface Set Index: 2 ACI Interface Set Session ID: 6
show dhcp server binding interface <vlan-id>
user@host> show dhcp server binding interface ge-1/1/0:100IP address Session Id Hardware address Expires State Interface198.51.100.15 6 00:00:5e:00:53:01 86124 BOUND ge-1/1/0:100
show dhcp server binding interface <svlan-id>
user@host> show dhcp server binding interface ge-1/1/0:10-100IP address Session Id Hardware address Expires State Interface198.51.100.16 7 00:00:5e:00:53:02 86124 BOUND ge-1/1/0:10-100
show dhcp server binding <ip-address>
user@host> show dhcp server binding 198100.19IP address Session Id Hardware address Expires State Interface198.51.100.19 10 00:00:5e:00:53:05 86081 BOUND ge-1/0/0.0
487Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show dhcp server binding <session-id>
user@host> show dhcp server binding 6IP address Session Id Hardware address Expires State Interface198.51.100.15 6 00:00:5e:00:53:01 86124 BOUND ge-1/0/0.0
show dhcp server binding summary
user@host> show dhcp server binding summary3 clients, (2 init, 1 bound, 0 selecting, 0 requesting, 0 renewing, 0 releasing)
show dhcp server binding <interfaces-vlan>
user@host> show dhcp server binding ge-1/0/0:100-200IP address Session Id Hardware address Expires State Interface192.168.0.17 42 00:00:5e:00:53:02 86346 BOUND ge-1/0/0.1073741827 192.168.0.16 41 00:00:5e:00:53:01 86346 BOUND ge-1/0/0.1073741827
show dhcp server binding <interfaces-wildcard>
user@host> show dhcp server binding ge-1/3/*IP address Session Id Hardware address Expires State Interface192.168.0.9 24 00:00:5e:00:53:04 86361 BOUND ge-1/3/0.110 192.168.0.8 23 00:00:5e:00:53:03 86361 BOUND ge-1/3/0.110 192.168.0.7 22 00:00:5e:00:53:02 86361 BOUND ge-1/3/0.110
Copyright © 2018, Juniper Networks, Inc.488
Broadband Subscriber ManagementWholesale Feature Guide
show dhcp server statistics
Syntax show dhcp server statistics<bulk-leasequery-connections><logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 9.0.
bulk-leasequery-connections option introduced in Junos OS Release 16.1.
Description Display extended Dynamic Host Configuration Protocol (DHCP) local server statistics.
Options bulk-leasequery-connections—(Optional) Display bulk leasequery statistics.
bulk-leasequery-connections—(Optional) Display information about bulk leasequerystatistics.
logical-system logical-system-name—(Optional) Display information about extendedDHCP local server statistics on the specified logical system. If you do not specify a
logical system, statistics are displayed for the default logical system.
routing-instance routing-instance-name—(Optional)Display informationaboutextendedDHCP local server statistics on the specified routing instance. If you do not specify
a routing instance, statistics are displayed for the default routing instance.
Required PrivilegeLevel
view
RelatedDocumentation
clear dhcp server statistics on page 450•
List of Sample Output show dhcp server statistics on page 491show dhcp server statistics on page 492
Output Fields Table 20onpage490 lists theoutput fields for the showdhcpserver statistics command.
Output fields are listed in the approximate order in which they appear.
489Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 20: show dhcp server statistics Output Fields
Field DescriptionField Name
Number of packets discarded by the extended DHCP local server because of errors. Only nonzerostatistics appear in the Packets dropped output. When all of the Packets dropped statistics are 0(zero), only the Total field appears.
• Total—Total number of packets discarded by the extended DHCP local server
• Authentication—Number of packets discarded because they could not be authenticated
• Bad hardware address—Number of packets discarded because an invalid hardware address wasspecified
• Bad opcode—Number of packets discarded because an invalid operation code was specified
• Bad options—Number of packets discarded because invalid options were specified
• Dynamic profile—Number of packets discarded due to dynamic profile information
• Invalidserveraddress—Numberofpacketsdiscardedbecausean invalid serveraddresswasspecified
• Lease Time Violation—Number of packets discarded because of a lease time violation
• No available addresses—Number of packets discarded because there were no addresses availablefor assignment
• No interfacematch—Number of packets discarded because they did not belong to a configuredinterface
• Norouting instancematch—Numberofpacketsdiscardedbecause theydidnotbelong toaconfiguredrouting instance
• No valid local address—Number of packets discarded because there was no valid local address
• Packet too short—Number of packets discarded because they were too short
• Read error—Number of packets discarded because of a system read error
• Send error—Number of packets that the extended DHCP local server could not send
Packets dropped
Number of DHCPmessages received.
• BOOTREQUEST—Number of BOOTP protocol data units (PDUs) received
• DHCPDECLINE—Number of DHCP PDUs of type DECLINE received
• DHCPDISCOVER—Number of DHCP PDUs of type DISCOVER received
• DHCPINFORM—Number of DHCP PDUs of type INFORM received
• DHCPRELEASE—Number of DHCP PDUs of type RELEASE received
• DHCPREQUEST—Number of DHCP PDUs of type REQUEST received
• DHCPLEASEQUERY—Number of DHCP leasequery messages received.
• DHCPBULKLEASEQUERY—Number of DHCP bulk leasequery messages received.
• DHCPRENEW—Number of DHCP renewmessages received; subset of DHCPREQUEST counter.
• DHCPREBIND—Number of DHCP rebindmessages received; subset of DHCPREQUEST counter.
Messages received
Copyright © 2018, Juniper Networks, Inc.490
Broadband Subscriber ManagementWholesale Feature Guide
Table 20: show dhcp server statistics Output Fields (continued)
Field DescriptionField Name
Number of DHCPmessages sent.
• BOOTREPLY—Number of BOOTP PDUs transmitted
• DHCPOFFER—Number of DHCP OFFER PDUs transmitted
• DHCPACK—Number of DHCP ACK PDUs transmitted
• DHCPNACK—Number of DHCP NACK PDUs transmitted
• DHCPFORCERENEW—Number of DHCP FORCERENEWPDUs transmitted
• DHCPLEASEUNASSIGNED—Number of DHCP leases that are managed by the server but have notyet been assigned
• DHCPLEASEUNKNOWN—Number of unknown DHCP leases
• DHCPLEASEACTIVE—Number of active DHCP leases
• DHCPLEASEQUERYDONE—The leasequery is complete
Messages sent
Total number of bulk leasequery connections accepted by the server.Total AcceptedConnections
Total number of bulk leasequery connections not accepted by the server.Total Not-AcceptedConnections
Number of bulk leasequery connections that the server closed due to an internal error.ConnectionsCloseddueto Errors
Number of bulk leasequery connections that the server closed because themaximum number ofempty replies was reached.
ConnectionsClosedduetomax-empty-replies
Number of bulk leasequery connections on the server.In-flight Connections
Sample Output
show dhcp server statistics
user@host> show dhcp server statisticsPackets dropped: Total 1 Lease Time Violation 1
Messages received: BOOTREQUEST 25 DHCPDECLINE 0 DHCPDISCOVER 10 DHCPINFORM 0 DHCPRELEASE 4 DHCPREQUEST 10 DHCPRENEW 4 DHCPREBIND 2
Messages sent: BOOTREPLY 20 DHCPOFFER 10 DHCPACK 10
491Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
DHCPNAK 0 DHCPFORCERENEW 0
show dhcp server statistics
user@host> show dhcp server statistics verbosePackets dropped: Total 0
Messages received: BOOTREQUEST 238 DHCPDECLINE 0 DHCPDISCOVER 1 DHCPINFORM 0 DHCPRELEASE 0 DHCPREQUEST 237 DHCPRENEW 236 DHCPREBIND 0
Messages sent: BOOTREPLY 20 DHCPOFFER 10 DHCPACK 10 DHCPNAK 0 DHCPFORCERENEW 0
Copyright © 2018, Juniper Networks, Inc.492
Broadband Subscriber ManagementWholesale Feature Guide
show dhcpv6 server binding
Syntax show dhcpv6 server binding<address><brief | detail | summary><interface interface-name><interfaces-vlan><interfaces-wildcard><logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 9.6.
Options interfaces-vlan and interfaces-wildcard added in Junos OS Release 12.1.
Description Display the address bindings in the client table on the extended Dynamic Host
Configuration Protocol for IPv6 (DHCPv6) local server.
Options address—(Optional)Oneof the following identifiers for theDHCPv6clientwhosebindingstate you want to show:
• CID—The specified Client ID (CID).
• ipv6-prefix—The specified IPv6 prefix.
• session-id—The specified session ID.
brief | detail | summary—(Optional) Display the specified level of output about activeclient bindings. Thedefault isbrief, whichproduces the sameoutput as showdhcpv6
server binding.
interface interface-name—(Optional) Display information about active client bindingson the specified interface. You can optionally filter on VLAN ID and SVLAN ID.
interfaces-vlan—(Optional) Interface VLAN ID or S-VLAN ID interface on which to showbinding state information.
interfaces-wildcard—(Optional) Set of interfaces on which to show binding state
information. This option supports the use of the wildcard character (*).
logical-system logical-system-name—(Optional)Display informationaboutactiveclientbindings for DHCPv6 clients on the specified logical system.
routing-instance routing-instance-name—(Optional) Display information about activeclient bindings for DHCPv6 clients on the specified routing instance.
Required PrivilegeLevel
view
493Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
RelatedDocumentation
Clearing DHCP Bindings for Subscriber Access•
• clear dhcpv6 server binding on page 452
List of Sample Output show dhcpv6 server binding on page 496show dhcpv6 server binding detail on page 496show dhcpv6 server binding interface on page 497show dhcpv6 server binding interface detail on page 497show dhcpv6 server binding (IPv6 Prefix) on page 497show dhcpv6 server binding (Session ID) on page 498show dhcpv6 server binding (Interfaces VLAN) on page 498show dhcpv6 server binding (InterfacesWildcard) on page 498show dhcpv6 server binding (InterfacesWildcard) on page 498show dhcpv6 server binding summary on page 498
Output Fields Table 21 onpage494 lists the output fields for the showdhcpv6serverbinding command.
Output fields are listed in the approximate order in which they appear.
Table 21: show dhcpv6 server binding Output Fields
Level of OutputField DescriptionField Name
summarySummary counts of the total number of DHCPv6 clients and the number ofDHCPv6 clients in each state.
number clients,(number init,number bound,number selecting,number requesting,number renewing,number releasing)
brief detailClient’s DHCPv6 prefix, or prefix used to support multiple address assignment.Prefix
brief detailSession ID of the subscriber session.Session Id
brief detailNumber of seconds in which lease expires.Expires
brief detailState of the address binding table on the extended DHCPv6 local server:
• BOUND—Client has active IP address lease.
• INIT—Initial state.
• RECONFIGURE—Server has sent reconfigure message to client.
• RELEASE—Client is releasing IP address lease.
• RENEWING—Client sending request to renew IP address lease.
• REQUESTING—Client requesting a DHCPv6 server.
• SELECTING—Client receiving offers from DHCPv6 servers.
State
briefInterface on which the DHCPv6 request was received.Interface
detailClient’s IPv6 address.Client IPv6 Address
detailClient’s IPv6 prefix.Client IPv6 Prefix
Copyright © 2018, Juniper Networks, Inc.494
Broadband Subscriber ManagementWholesale Feature Guide
Table 21: show dhcpv6 server binding Output Fields (continued)
Level of OutputField DescriptionField Name
detailIPv6 Prefix of the DHCP client excluded.Client IPv6ExcludedPrefix
brief detailClient’s DHCP Unique Identifier (DUID).Client DUID
detailDate and time at which the client’s IP address lease expires.Lease expires
detailNumber of seconds in which lease expires.Lease expires in
detailDate and UTC time at which the client’s IPv6 prefix expires.Preferred LeaseExpires
detailNumber of seconds at which client’s IPv6 prefix expires.Preferred LeaseExpires in
detailDate and time at which the client’s address lease was obtained.Lease Start
detailLease time violation has occurred.Lease time violated
detailClient’s incoming interface.Incoming ClientInterface
detailIP address of DHCPv6 server.Server IP Address
detailInterface of DHCPv6 server.Server Interface
detailAddress pool used to assign IPv6 address.Client Pool Name
detailAddress pool used to assign IPv6 prefix.Client Prefix PoolName
detailLength of the DHCPv6 client ID, in bytes.Client Id length
detailID of the DHCPv6 client.Client Id
detailDHCP unique identifier (DUID) for the DHCPv6 server.Server Id
detailS-VLAN ID of the client’s incoming interface.Client InterfaceSvlan Id
detailVLAN ID of the client’s incoming interface.Client InterfaceVlanId
detailDHCPv6 server profile name.Dual Stack Group
detailDHCPv6 Peer IP address.Dual Stack PeerAddress
495Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sample Output
show dhcpv6 server binding
user@host> show dhcpv6 server bindingPrefix Session Id Expires State Interface Client DUID2001:db8:1111:2222::/64 6 86321 BOUND ge-1/0/0.0 LL_TIME0x1-0x2e159c0-00:10:94:00:00:012001:db8:1111:2222::/64 7 86321 BOUND ge-1/0/0.0 LL_TIME0x1-0x2e159c0-00:10:94:00:00:022001:db8:1111:2222::/64 8 86321 BOUND ge-1/0/0.0 LL_TIME0x1-0x2e159c0-00:10:94:00:00:032001:db8:1111:2222::/64 9 86321 BOUND ge-1/0/0.0 LL_TIME0x1-0x2e159c1-00:10:94:00:00:042001:db8:1111:2222::/64 10 86321 BOUND ge-1/0/0.0 LL_TIME0x1-0x2e159c1-00:10:94:00:00:052001:db8:2002::1/74 11 86321 BOUND ge-1/0/0.0 LL_TIME0x1-0x2e159c1-00:10:94:00:00:06
show dhcpv6 server binding detail
user@host> show dhcpv6 server binding detailSession Id: 2 Client IPv6 Prefix: 3ffe:ffff:0:4::/64 Client IPv6 Address: 3000:0:0:8003::1/128 Client DUID: LL0x1-00:00:64:01:01:02 State: BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
Lease Expires: 2016-11-07 08:30:39 PST Lease Expires in: 43706 seconds Preferred Lease Expires: 2016-11-07 08:30:39 PST Preferred Lease Expires in: 43706 seconds Lease Start: 2016-11-04 11:00:37 PDT Last Packet Received: 2016-11-06 09:00:39 PST Incoming Client Interface: ae0.3221225472 Client Interface Svlan Id: 2000 Client Interface Vlan Id: 1 Server Ip Address: 3000::2 Server Interface: none Client Profile Name: my-dual-stack Client Id Length: 10 Client Id: /0x00030001/0x00006401/0x0102 Dual Stack Group: my-dual-stack Dual Stack Peer Address: 100.20.0.10
When DHCPv6 binding is configured with prefix exclude option, we get the following
output:
user@host> show dhcpv6 server binding detailSession Id: 5 Client IPv6 Address: 7001:2:3::d/128 Lease Expires: 2017-12-11 07:45:15 IST Lease Expires in: 9999995 seconds Preferred Lease Expires: 2017-12-11 07:45:15 IST Preferred Lease Expires in: 9999995 seconds Client IPv6 Prefix: 7001::1000:0:0:0/68 Client IPv6 Excluded Prefix: 7001::1fff:ffff:ffff:ff00/120 Lease Expires: 2017-12-11 07:45:15 IST Lease Expires in: 9999995 seconds
Copyright © 2018, Juniper Networks, Inc.496
Broadband Subscriber ManagementWholesale Feature Guide
Preferred Lease Expires: 2017-12-11 07:45:15 IST Preferred Lease Expires in: 9999995 seconds Client DUID: LL_TIME0x1-0x599553b0-00:10:94:00:00:01
State: BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
Lease Start: 2017-08-17 13:58:32 IST Last Packet Received: 2017-08-17 13:58:36 IST Incoming Client Interface: ge-0/0/0.0 Client Interface Vlan Id: 100 Client Pool Name: ia_na_pool Client Prefix Pool Name: prefix_delegate_pool Client Id Length: 14 Client Id: /0x00010001/0x599553b0/0x00109400/0x0001 Relay Id Length: 31 Relay Id: /0x00020000/0x05830130/0x303a3035/0x3a38363a Relay Id: /0x34343a65/0x323a6330/0x00000000/0x000000
show dhcpv6 server binding interface
user@host> show dhcpv6 server binding interface ge-1/0/0:10-101Prefix Session Id Expires State Interface Client DUID2001:db8:1111:2222::/64 1 86055 BOUND ge-1/0/0.100 LL_TIME0x1-0x4b0a53b9-00:10:94:00:00:01
show dhcpv6 server binding interface detail
user@host> show dhcpv6 server binding interface ge-1/0/0:10-101 detailSession Id: 7 Client IPv6 Prefix: 2001:db8:1111:2222::/64 Client DUID: LL_TIME0x1-0x2e159c0-00:10:94:00:00:02
State: BOUND(bound) Lease Expires: 2009-07-21 10:41:15 PDT Lease Expires in: 86136 seconds Preferred Lease Expires: 2012-07-24 00:18:14 UTC Preferred Lease Expires in: 600 seconds Lease Start: 2009-07-20 10:41:15 PDT Incoming Client Interface: ge-1/0/0.0 Server Ip Address: 0.0.0.0 Server Interface: none Client Id Length: 14 Client Id: /0x00010001/0x02e159c0/0x00109400/0x0002
show dhcpv6 server binding (IPv6 Prefix)
user@host> show dhcpv6 server binding 14/0x00010001/0x02b3be8f/0x00109400/0x0005detailSession Id: 7 Client IPv6 Prefix: 2001:db8:1111:2222::/64 Client DUID: LL_TIME0x1-0x2e159c0-00:10:94:00:00:02
State: BOUND(bound) Lease Expires: 2009-07-21 10:41:15 PDT Lease Expires in: 86136 seconds Preferred Lease Expires: 2012-07-24 00:18:14 UTC
497Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Preferred Lease Expires in: 600 seconds Lease Start: 2009-07-20 10:41:15 PDT Incoming Client Interface: ge-1/0/0.0 Server Ip Address: 0.0.0.0 Server Interface: none Client Id Length: 14 Client Id: /0x00010001/0x02e159c0/0x00109400/0x0002
show dhcpv6 server binding (Session ID)
user@host> show dhcpv6 server binding 8Prefix Session Id Expires State Interface Client DUID2001:db8::/32 8 86235 BOUND ge-1/0/0.0 LL_TIME0x1-0x2e159c0-00:10:94:00:00:03
show dhcpv6 server binding (Interfaces VLAN)
user@host> show dhcpv6 server binding ge-1/0/0:100-200Prefix Session Id Expires State Interface Client DUID2001:db8::/32 11 87583 BOUND ge-1/0/0.1073741827 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:012001:db8:19::/32 12 87583 BOUND ge-1/0/0.1073741827 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:01
show dhcpv6 server binding (InterfacesWildcard)
user@host> show dhcpv6 server binding demux0Prefix Session Id Expires State Interface Client DUID2001:db8::/32 30 79681 BOUND demux0.1073741824 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:012001:db8:19::/32 31 79681 BOUND demux0.1073741825 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:012001:db8:C9::/32 32 79681 BOUND demux0.1073741826 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:01
show dhcpv6 server binding (InterfacesWildcard)
user@host> show dhcpv6 server binding ge-1/3/*Prefix Session Id Expires State Interface Client DUID2001:db8::/32 22 79681 BOUND ge-1/3/0.110 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:012001:db8:19::/32 33 79681 BOUND ge-1/3/0.110 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:012001:db8:C9::/32 24 79681 BOUND ge-1/3/0.110 LL_TIME0x1-0x4d5d009f-00:10:94:00:00:01
show dhcpv6 server binding summary
user@host> show dhcpv6 server binding summary5 clients, (0 init, 5 bound, 0 selecting, 0 requesting, 0 renewing, 0 releasing)
Copyright © 2018, Juniper Networks, Inc.498
Broadband Subscriber ManagementWholesale Feature Guide
show dhcpv6 server statistics
Syntax show dhcpv6 server statistics<bulk-leasequery-connections><logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 9.6.
bulk-leasequery-connections option introduced in Junos OS Release 16.1.
Description Display extended Dynamic Host Configuration Protocol for IPv6 (DHCPv6) local server
statistics.
Options bulk-leasequery-connections—(Optional) Display bulk leasequery statistics.
logical-system logical-system-name—(Optional) Display information about extendedDHCPv6 local server statistics on the specified logical system. If you do not specify
a logical system, statistics are displayed for the default logical system.
routing-instance routing-instance-name—(Optional)Display informationaboutextendedDHCPv6 local server statistics on the specified routing instance. If you do not specify
a routing instance, statistics are displayed for the default routing instance.
Required PrivilegeLevel
view
RelatedDocumentation
clear dhcpv6 server statistics on page 455•
List of Sample Output show dhcpv6 server statistics on page 501show dhcpv6 server statistics bulk-leasequery-connections on page 501
Output Fields Table22onpage500 lists theoutput fields for theshowdhcpv6serverstatisticscommand.
Output fields are listed in the approximate order in which they appear.
499Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 22: show dhcpv6 server statistics Output Fields
Field DescriptionField Name
Number of packets discarded by the extended DHCPv6 local server because of errors. Only nonzerostatistics appear in the Packets dropped output. When all of the Packets dropped statistics are 0(zero), only the Total field appears.
• Total—Total number of packets discarded by the extended DHCPv6 local server
• Strict Reconfigure—Number of solicit messages discarded because the client does not supportreconfiguration
• Bad hardware address—Number of packets discarded because an invalid hardware address wasspecified
• Bad opcode—Number of packets discarded because an invalid operation code was specified
• Bad options—Number of packets discarded because invalid options were specified
• Invalidserveraddress—Numberofpacketsdiscardedbecausean invalid serveraddresswasspecified
• Lease Time Violation—Number of packets discarded because of a lease time violation
• No available addresses—Number of packets discarded because there were no addresses availablefor assignment
• No interfacematch—Number of packets discarded because they did not belong to a configuredinterface
• Norouting instancematch—Numberofpacketsdiscardedbecause theydidnotbelong toaconfiguredrouting instance
• No valid local address—Number of packets discarded because there was no valid local address
• Packet too short—Number of packets discarded because they were too short
• Read error—Number of packets discarded because of a system read error
• Send error—Number of packets that the extended DHCPv6 local server could not send
Packets dropped
Number of DHCPv6messages received.
• DHCPV6_CONFIRM—Number of DHCPv6 CONFIRM PDUs received.
• DHCPV6_DECLINE—Number of DHCPv6 DECLINE PDUs received.
• DHCPV6_INFORMATION_REQUEST—NumberofDHCPv6 INFORMATION-REQUESTPDUs received.
• DHCPV6_REBIND—Number of DHCPv6 REBIND PDUs received.
• DHCPV6_RELAY_FORW—Number of DHCPv6 RELAY-FORWPDUs received.
• DHCPV6_RELAY_REPL—Number of DHCPv6 RELAY-REPL PDUs received.
• DHCPV6_RELEASE—Number of DHCPv6 RELEASE PDUs received.
• DHCPV6_RENEW—Number of DHCPv6 RENEWPDUs received.
• DHCPV6_REQUEST—Number of DHCPv6 REQUEST PDUs received.
• DHCPV6_SOLICIT—Number of DHCPv6 SOLICIT PDUs received.
• DHCPV6_LEASEQUERY—Number of DHCPv6 leasequery messages received.
Messages received
Copyright © 2018, Juniper Networks, Inc.500
Broadband Subscriber ManagementWholesale Feature Guide
Table 22: show dhcpv6 server statistics Output Fields (continued)
Field DescriptionField Name
Number of DHCPv6messages sent.
• DHCPV6_ADVERTISE—Number of DHCPv6 ADVERTISE PDUs transmitted.
• DHCPV6_REPLY—Number of DHCPv6 ADVERTISE PDUs transmitted.
• DHCPV6_LOGICAL_NAK—Number of logical NAKmessages sent, signifying T1 and T2 timers withvalues of zero; subset of DHCPV6_REPLY counter. (Displays only at verbose level.
• DHC6_RECONFIGURE—Number of DHCPv6 RECONFIGURE PDUs transmitted.
• DHCPV6_LEASEQUERY_REPLY—NumberofDHCPv6 leasequery replies transmitted to theDHCPv6relay agent.
• DHCPV6_LEASEQUERY_DATA—Number of DHCPv6 LEASEQUERY-DATA packets transmitted.
• DHCPV6_LEASEQUERY_DONE—Number of DHCPv6 LEASEQUERY-DONE packets sent.
Messages sent
Sample Output
show dhcpv6 server statistics
user@host> show dhcpv6 server statisticsDhcpv6 Packets dropped: Total 1 Lease Time Violation 1
Messages received: DHCPV6_DECLINE 0 DHCPV6_SOLICIT 9 DHCPV6_INFORMATION_REQUEST 0 DHCPV6_RELEASE 0 DHCPV6_REQUEST 5 DHCPV6_CONFIRM 0 DHCPV6_RENEW 0 DHCPV6_REBIND 0 DHCPV6_RELAY_FORW 0 DHCPV6_RELAY_REPL 0 DHCPV^_LEASEQUERY 0
Messages sent: DHCPV6_ADVERTISE 9 DHCPV6_REPLY 5 DHCPV6_RECONFIGURE 0 DHCPV6_LEASEQUERY_REPLY 0 DHCPV6_LEASEQUERY_DATA 0 DHCPV6_LEASEQUERY_DONE 0
show dhcpv6 server statistics bulk-leasequery-connections
user@host> show dhcpv6 server statistics bulk-leasequery-connections
Total Accepted Connections: 0Total Not-Accepted Connections: 0Connections Closed due to Errors: 0Connections Closed due to max-empty-replies: 0In-flight Connections: 0
501Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show interfaces (Aggregated Ethernet)
Syntax show interfaces aenumber<brief | detail | extensive | terse><descriptions><media><snmp-index snmp-index><statistics>
Release Information Command introduced before Junos OS Release 7.4.
Description (M Series, T Series, and MX Series routers only) Display status information about the
specified aggregated Fast Ethernet or Gigabit Ethernet interface.
Options aenumber—Display standard information about the specified aggregated Fast Ethernetor Gigabit Ethernet interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information.
snmp-index snmp-index—(Optional) Display information for the specified SNMP indexof the interface.
statistics—(Optional) Display static interface statistics.
Required PrivilegeLevel
view
RelatedDocumentation
Ethernet Interfaces Feature Guide for Routing Devices•
List of Sample Output show interfaces (Aggregated Ethernet) on page 507show interfaces brief (Aggregated Ethernet) on page 508show interfaces detail (Aggregated Ethernet) on page 508show interfaces extensive (Aggregated Ethernet) on page 509show interfaces extensive (Aggregated Ethernet with VLAN Stacking) on page 510
Output Fields Table23onpage502 lists theoutput fields for the showinterfaces (AggregatedEthernet)
command. Output fields are listed in the approximate order in which they appear.
Table 23: Aggregated Ethernet show interfaces Output Fields
Level of OutputField DescriptionField Name
Physical Interface
All levelsName of the physical interface and state of the interface.Physical interface
Copyright © 2018, Juniper Networks, Inc.502
Broadband Subscriber ManagementWholesale Feature Guide
Table 23: Aggregated Ethernet show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
All levelsState of the physical interface. Possible values are described in the “EnabledField” section under Common Output Fields Description.
Enabled
All levelsIndexnumber of thephysical interface,which reflects its initialization sequence.Interface index
detail extensive noneSNMP index number for the physical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsEncapsulation being used on the physical interface.Link-level type
All levelsMaximum transmission unit size on the physical interface.MTU
All levelsSpeed at which the interface is running.Speed
All levelsLoopback status: Enabled or Disabled. If loopback is enabled, type of loopback:Local or Remote.
Loopback
All levelsSource filtering status: Enabled or Disabled.Source filtering
All levelsFlow control status: Enabled or Disabled.Flow control
All levelsNumber of child links that must be operational for the aggregate interface tobe operational.
Minimum linksneeded
All levelsInformation about the physical device. Possible values are described in the“Device Flags” section under Common Output Fields Description.
Device flags
All levelsInformation about the interface. Possible values are described in the “InterfacesFlags” section under Common Output Fields Description.
Interface flags
detail extensiveConfigured MAC address.Current address
detail extensiveHardware MAC address.Hardware address
detail extensiveDate, time, and how long ago the interface went from down to up or from upto down. The format is Last flapped: year-month-day hours:minutes:secondstimezone (hours:minutes:seconds ago). For example, Last flapped: 2002-04-2610:52:40 PDT (04:33:20 ago).
Last flapped
None specifiedInput rate in bits per second (bps) and packets per second (pps).Input Rate
None specifiedOutput rate in bps and pps.Output Rate
detail extensiveTime when the statistics for the interface were last set to zero.Statistics lastcleared
503Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 23: Aggregated Ethernet show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveNumber and rate of bytes andpackets receivedand transmittedon thephysicalinterface.
• Input bytes—Number of bytes and rate, in bps, at which bytes are receivedon the interface.
• Outputbytes—Numberofbytesand rate, inbps, atwhichbytesare transmittedon the interface.
• Input packets—Number of packets and rate, in pps, at which packets arereceived on the interface.
• Output packets—Number of packets and rate, in pps, at which packets aretransmitted on the interface.
Traffic statistics
detail extensiveInput errors on the interface:
• Errors—Sum of incoming frame aborts and frame check sequence (FCS)errors.
• Drops—Number of packets dropped by the input queue of the I/O ManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's random early detection (RED)mechanism.
• Framing errors—Number of packets receivedwith an invalid frame checksum(FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Giants—Number of frames received that are larger than the giant threshold.
• Policed discards—Number of frames that the incoming packet match codediscarded because they were not recognized or were not of interest. Usually,this field reports protocols that Junos OS does not handle.
• Resource errors—Sum of transmit drops.
Input errors
detail extensiveOutput errors on the interface. The following paragraphs explain the counterswhosemeaning might not be obvious:
• Carrier transitions—Number of times the interface has gone from down to up.This number does not normally increment quickly, increasing only when thecable is unplugged, the far-end system is powered down and then up, oranotherproblemoccurs. If thenumberof carrier transitions incrementsquickly(perhaps once every 10 seconds), then the cable, the far-end system, or thePIC is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• MTUerrors—NumberofpacketswhosesizeexceededtheMTUof the interface.
• Resource errors—Sum of transmit drops.
Output errors
Copyright © 2018, Juniper Networks, Inc.504
Broadband Subscriber ManagementWholesale Feature Guide
Table 23: Aggregated Ethernet show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveNumber of IPv6 transit bytes and packets received and transmitted on thephysical interface if IPv6 statistics tracking is enabled.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
IPv6 transitstatistics
detail extensiveCoS queue number and its associated user-configured forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Droppedpackets—Numberofpacketsdroppedby theASIC'sREDmechanism.
NOTE: In DPCs that are not of the enhanced type, such as DPC 40x 1GE R,DPCE20x 1GE+2x 10GER,orDPCE40x 1GER, youmightnoticeadiscrepancyin the output of the show interfaces command because incoming packetsmight be counted in the Egress queues section of the output. This problemoccursonnon-enhancedDPCsbecause theegressqueuestatisticsarepolledfrom IMQ (Inbound Message Queuing) block of the I-chip. The IMQ blockdoes not differentiate between ingress and egressWAN traffic; as a result,the combined statistics are displayed in the egress queue counters on theRouting Engine. In a simple VPLS scenario, if there is no MAC entry in DMACtable (by sending unidirectional traffic), traffic is floodedand the input trafficis accounted in IMQ. For bidirectional traffic (MAC entry in DMAC table), ifthe outgoing interface is on the same I-chip then both ingress and egressstatistics are counted in a combined way. If the outgoing interface is on adifferent I-chip or FPC, then only egress statistics are accounted in IMQ. Thisbehavior is expected with non-enhanced DPCs
Queue counters
Logical Interface
All levelsName of the logical interface.Logical interface
detail extensive noneIndex number of the logical interface (which reflects its initialization sequence).Index
detail extensive noneSNMP interface index number of the logical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsInformation about the logical interface. Possible values are described in the“Logical Interface Flags Field” section underCommonOutput FieldsDescription.
Flags
All levelsTag Protocol Identifier (TPID) and VLAN identifier.VLAN-Tag
detail extensive noneIP demultiplexing (demux) value that appears if this interface is used as thedemux underlying interface. The output is one of the following:
• Source Family Inet
• Destination Family Inet
Demux
All levelsEncapsulation on the logical interface.Encapsulation
505Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 23: Aggregated Ethernet show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneInformationabout thenumberofpackets, packetsper second, numberofbytes,and bytes per second on this aggregate interface.
• Bundle—Information about input and output bundle rates.
• Link—(detail and extensive only) Information about specific links in theaggregate, including link state and input and output rates.
• Adaptive Statistics—(extensive only) Information about adaptive loadbalancing counter statistics.
• Adaptive Adjusts—Number of times traffic flow imbalance was correctedby implementation of adaptive load balancing.
• Adaptive Scans—Number of times the link utilization on eachmember linkof the AE bundle was scanned by for adaptive load balancing
• Adaptive Tolerance—Tolerance level, in percentage, for load imbalance onlink utilization on eachmember link of the AE bundle.
• Adaptive Updates—Number of times traffic flow loads have been updatedon an AE bundle.
• Marker Statistics—(detail and extensive only) Information about 802.3admarker protocol statistics on the specified links.
• Marker Rx—Number of valid marker protocol data units (PDUs) receivedon this aggregation port.
• RespTx—Numberofmarker responsePDUstransmittedonthisaggregationport.
• Unknown Rx—Number of frames received that either carry the slowprotocols Ethernet type value (43B.4) but contain an unknown PDU, orare addressed to the slow protocols group MAC address (43B.3) but donot carry the slow protocols Ethernet type.
• Illegal Rx—Number of frames received that carry the slow protocolsEthernet type value (43B.4) but contain a badly formed PDU or an illegalvalue of protocol subtype (43B.4).
Statistics
Link Aggregation Control Protocol (LACP) information for each aggregatedinterface.
• Role can be one of the following:
• Actor—Local device participating in LACP negotiation.
• Partner—Remote device participating in LACP negotiation.
• System priority—Priority assigned to the system (bymanagement oradministrative policy), encoded as an unsigned integer.
• System identifier—Actor or partner system ID, encoded as a MAC address.
• Port priority—Priority assigned to the port by the actor or partner (bymanagement or administrative policy), encoded as an unsigned integer.
• UnknownRx—Number of frames received that either carry the slowprotocolsEthernet typevalue(43B.4)butcontainanunknownprotocoldataunit (PDU),or are addressed to the slow protocols group MAC address (43B.3) but donot carry the slow protocols Ethernet type.
• Port key—Operational key value assigned to the port by the actor or partner,encoded as an unsigned integer.
LACP info
Copyright © 2018, Juniper Networks, Inc.506
Broadband Subscriber ManagementWholesale Feature Guide
Table 23: Aggregated Ethernet show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneLACP statistics for each aggregated interface.
• LACP Rx—LACP received counter that increments for each normal hello.
• LACP Tx—Number of LACP transmit packet errors logged.
• Unknown Rx—Number of unrecognized packet errors logged.
• Illegal Rx—Number of invalid packets received.
NOTE: For LACP Rx and LACP Tx, Packet count is updated only on snmp timerexpiry (30 secs).
LACP Statistics
briefProtocol family configuredon the logical interface. Possible valuesaredescribedin the “Protocol Field” section under Common Output Fields Description.
protocol-family
detail extensive noneProtocol family configuredon the logical interface. Possible valuesaredescribedin the “Protocol Field” section under Common Output Fields Description.
Protocol
detail extensive noneMaximum transmission unit size on the logical interface.MTU
detail extensive noneMaximum number of MPLS labels configured for the MPLS protocol family onthe logical interface.
Maximum labels
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensiveRouting table in which the logical interface address is located. For example, 0refers to the routing table inet.0.
Route Table
detail extensive noneInformation about protocol family flags. Possible values are described in the“Family Flags Field” section under Common Output Fields Description.
Flags
detail extensive noneNumber of MAC address validation failures for packets and bytes. This field isdisplayed when MAC address validation is enabled for the logical interface.
Mac-ValidateFailures
detail extensive noneInformationaboutaddress flags. Possible valuesaredescribed in the “AddressesFlags” section under Common Output Fields Description.
Addresses, Flags
detail extensive noneIP address of the remote side of the connection.Destination
detail extensive noneIP address of the logical interface.Local
detail extensive noneBroadcast address of the logical interface.Broadcast
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
Sample Output
show interfaces (Aggregated Ethernet)
user@host> show interfaces ae0
507Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Physical interface: ae0, Enabled, Physical link is Up Interface index: 153, SNMP ifIndex: 59 Link-level type: Ethernet, MTU: 1514, Speed: 300mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1 Device flags : Present Running Interface flags: SNMP-Traps 16384 Current address: 00:00:5e:00:53:f0, Hardware address: 00:00:5e:00:53:f0 Last flapped : Never Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps)
Logical interface ae0.0 (Index 72) (SNMP ifIndex 60) Flags: SNMP-Traps 16384 Encapsulation: ENET2 Statistics Packets pps Bytes bps Bundle: Input : 0 0 0 0 Output: 0 0 0 0 Protocol inet, MTU: 1500 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113/24, Local: 203.0.113.2, Broadcast: 10.100.1.255
show interfaces brief (Aggregated Ethernet)
user@host> show interfaces ae0 briefPhysical interface: ae0, Enabled, Physical link is Up Link-level type: Ethernet, MTU: 1514, Speed: 300mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled Device flags : Present Running Interface flags: SNMP-Traps 16384
Logical interface ae0.0 Flags: SNMP-Traps 16384 Encapsulation: ENET2 inet 203.0.113.2/24
show interfaces detail (Aggregated Ethernet)
user@host> show interfaces ae0 detailPhysical interface: ae0, Enabled, Physical link is Up Interface index: 153, SNMP ifIndex: 59, Generation: 36 Link-level type: Ethernet, MTU: 1514, Speed: 300mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1 Device flags : Present Running Interface flags: SNMP-Traps 16384 Current address: 00:00:5e:00:53:f0, Hardware address: 00:00:5e:00:53:f0 Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 7375 7375 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
Copyright © 2018, Juniper Networks, Inc.508
Broadband Subscriber ManagementWholesale Feature Guide
3 network-cont 2268 2268 0
Logical interface ae0.0 (Index 72) (SNMP ifIndex 60) (Generation 18) Flags: SNMP-Traps 16384 Encapsulation: ENET2 Statistics Packets pps Bytes bps Bundle: Input : 0 0 0 0 Output: 0 0 0 0 Link: fe-0/1/0.0 Input : 0 0 0 0 Output: 0 0 0 0 fe-0/1/2.0 Input : 0 0 0 0 Output: 0 0 0 0 fe-0/1/3.0 Input : 0 0 0 0 Output: 0 0 0 0 Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx fe-0/1/0.0 0 0 0 0 fe-0/1/2.0 0 0 0 0 fe-0/1/3.0 0 0 0 0 Protocol inet, MTU: 1500, Generation: 37, Route table: 0 Flags: Is-Primary, Mac-Validate-Strict Mac-Validate Failures: Packets: 0, Bytes: 0 Destination: 203.0.113/24, Local: 203.0.113.2, Broadcast: 203.0.113.255,
Generation: 49
show interfaces extensive (Aggregated Ethernet)
user@host> show interfaces ae0 extensivePhysical interface: ae0, Enabled, Physical link is Up Interface index: 153, SNMP ifIndex: 59, Generation: 36 Link-level type: Ethernet, MTU: 1514, Speed: 300mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1 Device flags : Present Running Interface flags: SNMP-Traps 16384 Current address: 00:00:5e:00:53:f0, Hardware address: 00:00:5e:00:53:f0 Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes : 60 0 bps Output bytes : 0 0 bps Input packets: 1 0 pps Output packets: 0 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0 Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 7375 7375 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
509Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
3 network-cont 2268 2268 0
Logical interface ae0.0 (Index 72) (SNMP ifIndex 60) (Generation 18) Flags: SNMP-Traps 16384 Encapsulation: ENET2 Statistics Packets pps Bytes bps Bundle: Input : 1 0 60 0 Output: 0 0 0 0 Adaptive Statistics: Adaptive Adjusts: 0 Adaptive Scans : 0 Adaptive Updates: 0 Link: fe-0/1/0.0 Input : 0 0 0 0 Output: 0 0 0 0 fe-0/1/2.0 Input : 0 0 0 0 Output: 0 0 0 0 fe-0/1/3.0 Input : 1 0 60 0 Output: 0 0 0 0 LACP info: Role System System Port Port Port
priority identifier priority number key
fe-1/0/3.0 Actor 127 00:00:5e:00:53:85 127 2 1
fe-1/0/3.0 Partner 127 00:00:5e:00:53:c3 127 1 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx fe-1/0/3.0 3188 3186 0 0 Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx fe-0/1/0.0 0 0 0 0 fe-0/1/2.0 0 0 0 0 fe-0/1/3.0 0 0 0 0 Protocol inet, MTU: 1500, Generation: 37, Route table: 0 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113/24, Local: 203.0.113.2, Broadcast: 203.0.113.255,
Generation: 49
show interfaces extensive (Aggregated Ethernet with VLAN Stacking)
user@host> show interfaces ae0 detailPhysical interface: ae0, Enabled, Physical link is Up Interface index: 155, SNMP ifIndex: 48, Generation: 186 Link-level type: 52, MTU: 1518, Speed: 2000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1, Minimum bandwidth needed: 0 Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Current address: 00:00:5e:00:53:3f, Hardware address: 00:00:5e:00:53:3f Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes : 2406875 40152 bps Output bytes : 1124470 22056 bps Input packets: 5307 5 pps
Copyright © 2018, Juniper Networks, Inc.510
Broadband Subscriber ManagementWholesale Feature Guide
Output packets: 13295 21 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0 Ingress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 859777 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Egress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 1897615 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 662505 0
Logical interface ae0.451 (Index 69) (SNMP ifIndex 167) (Generation 601) Flags: SNMP-Traps VLAN-Tag [ 0x8100.451 ] Encapsulation: VLAN-VPLS Statistics Packets pps Bytes bps Bundle: Input : 289 0 25685 376 Output: 1698 4 130375 3096 Link: ge-1/2/0.451 Input : 289 0 25685 376 Output: 0 0 0 0 ge-1/2/1.451 Input : 0 0 0 0 Output: 1698 4 130375 3096 Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx ge-1/2/0.451 0 0 0 0 ge-1/2/1.451 0 0 0 0 Protocol vpls, MTU: 1518, Generation: 849, Route table: 3 Flags: Is-Primary
Logical interface ae0.452 (Index 70) (SNMP ifIndex 170) (Generation 602) Flags: SNMP-Traps VLAN-Tag [ 0x8100.452 ] Encapsulation: VLAN-VPLS Statistics Packets pps Bytes bps Bundle: Input : 293 1 26003 1072 Output: 1694 3 130057 2400 Link:
511Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
ge-1/2/0.452 Input : 293 1 26003 1072 Output: 1694 3 130057 2400 ge-1/2/1.452 Input : 0 0 0 0 Output: 0 0 0 0 Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx ge-1/2/0.452 0 0 0 0 ge-1/2/1.452 0 0 0 0 Protocol vpls, MTU: 1518, Generation: 850, Route table: 3 Flags: None...
Copyright © 2018, Juniper Networks, Inc.512
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces (Fast Ethernet)
Syntax show interfaces interface-type<brief | detail | extensive | terse><descriptions><media><snmp-index snmp-index><statistics>
Release Information Command introduced before Junos OS Release 7.4.
Description Display status information about the specified Fast Ethernet interface.
Options interface-type—OnM Series and T Series routers, the interface type is fe-fpc/pic/port.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about network interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP indexof the interface.
statistics—(Optional) Display static interface statistics.
Required PrivilegeLevel
view
List of Sample Output show interfaces (Fast Ethernet) on page 526show interfaces brief (Fast Ethernet) on page 527show interfaces detail (Fast Ethernet) on page 527show interfaces extensive (Fast Ethernet) on page 527
Output Fields Table 24 on page 513 lists the output fields for the show interfaces (Fast Ethernet)
command. Output fields are listed in the approximate order in which they appear.
Table 24: show interfaces Fast Ethernet Output Fields
Level of OutputField DescriptionField Name
Physical Interface
All levelsName of the physical interface.Physical interface
All levelsState of the interface. Possible values are described in the “Enabled Field”section under Common Output Fields Description.
Enabled
detail extensive noneIndexnumber of thephysical interface,which reflects its initialization sequence.Interface index
detail extensive noneSNMP index number for the physical interface.SNMP ifIndex
513Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsEncapsulation being used on the physical interface.Link-level type
All levelsMaximum transmission unit size on the physical interface.MTU
extensiveType of link connection configured for the physical interface: Full-duplex orHalf-duplex
Link-mode
All levelsSpeed at which the interface is running.Speed
All levelsLoopback status: Enabled or Disabled. If loopback is enabled, type of loopback:Local or Remote.
Loopback
All levelsSource filtering status: Enabled or Disabled.Source filtering
All levels10-Gigabit Ethernet interface operating in Local Area Network Physical LayerDevice (LAN PHY)mode. LAN PHY allows 10-Gigabit Ethernet wide area linksto use existing Ethernet applications.
LAN-PHYmode
All levels10-Gigabit Ethernet interface operating inWide Area Network Physical LayerDevice (WANPHY)mode.WANPHYallows 10-Gigabit Ethernetwide area linksto use fiber-optic cables and other devices intended for SONET/SDH.
WAN-PHYmode
All levelsUnidirectional link mode status for 10-Gigabit Ethernet interface: Enabled orDisabled for parent interface; Rx-only or Tx-only for child interfaces.
Unidirectional
All levelsFlow control status: Enabled or Disabled.Flow control
All levels(Gigabit Ethernet interfaces) Autonegotiation status: Enabled or Disabled.Auto-negotiation
All levels(Gigabit Ethernet interfaces) Remote fault status:
• Online—Autonegotiation is manually configured as online.
• Offline—Autonegotiation is manually configured as offline.
Remote-fault
All levelsInformation about the physical device. Possible values are described in the“Device Flags” section under Common Output Fields Description.
Device flags
All levelsInformation about the interface. Possible values are described in the “InterfaceFlags” section under Common Output Fields Description.
Interface flags
All levelsInformation about the link. Possible values are described in the “Links Flags”section under Common Output Fields Description.
Link flags
All levels(10-Gigabit Ethernet dense wavelength-division multiplexing [DWDM]interfaces) Displays the configured wavelength, in nanometers (nm).
Wavelength
Copyright © 2018, Juniper Networks, Inc.514
Broadband Subscriber ManagementWholesale Feature Guide
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
All levels(10-Gigabit Ethernet DWDM interfaces only) Displays the frequency associatedwith the configured wavelength, in terahertz (THz).
Frequency
detail extensive noneNumber of CoS queues configured.CoS queues
extensive(GigabitEthernet intelligent queuing 2 (IQ2) interfaces only) Number of CoSschedulers configured.
Schedulers
detail extensiveCurrent interface hold-time up and hold-time down, in milliseconds.Hold-times
detail extensive noneConfigured MAC address.Current address
detail extensive noneHardware MAC address.Hardware address
detail extensive noneDate, time, and how long ago the interface went from down to up. The formatisLast flapped:year-month-dayhour:minute:second:timezone (hour:minute:secondago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Last flapped
None specifiedInput rate in bits per second (bps) and packets per second (pps).Input Rate
None specifiedOutput rate in bps and pps.Output Rate
detail extensiveTime when the statistics for the interface were last set to zero.Statistics lastcleared
detail extensiveNumber and rate of bytes andpackets receivedand transmittedon thephysicalinterface.
• Input bytes—Number of bytes received on the interface
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Gigabit Ethernet and 10-Gigabit Ethernet IQ PICs count the overhead and CRCbytes.
For Gigabit Ethernet IQ PICs, the input byte counts vary by interface type. Formore information, see Table 31 under the show interfaces command.
Traffic statistics
515Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInput errors on the interface. The following paragraphs explain the counterswhosemeaning might not be obvious:
• Errors—Sum of the incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O ManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• Framing errors—Number of packets receivedwith an invalid frame checksum(FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Policed discards—Number of frames that the incoming packet match codediscarded because they were not recognized or not of interest. Usually, thisfield reports protocols that the Junos OS does not handle.
• L3 incompletes—Number of incoming packets discarded because they failedLayer 3 (usually IPv4) sanity checks of the header. For example, a framewithless than 20 bytes of available IP header is discarded. L3 incomplete errorscan be ignored by configuring the ignore-l3-incompletes statement.
• L2 channel errors—Number of times the software did not find a valid logicalinterface for an incoming frame.
• L2mismatch timeouts—Number of malformed or short packets that causedthe incoming packet handler to discard the frame as unreadable.
• FIFO errors—Number of FIFO errors in the receive direction that are reportedby the ASIC on the PIC. If this value is ever nonzero, the PIC is probablymalfunctioning.
• Resource errors—Sum of transmit drops.
Input errors
Copyright © 2018, Juniper Networks, Inc.516
Broadband Subscriber ManagementWholesale Feature Guide
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveOutput errors on the interface. The following paragraphs explain the counterswhosemeaning might not be obvious:
• Carrier transitions—Number of times the interface has gone from down to up.This number does not normally increment quickly, increasing only when thecable is unplugged, the far-end system is powered down and then up, oranotherproblemoccurs. If thenumberof carrier transitions incrementsquickly(perhaps once every 10 seconds), the cable, the far-end system, or the PICor PIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• Collisions—Number of Ethernet collisions. TheGigabit Ethernet PIC supportsonly full-duplex operation, so for Gigabit Ethernet PICs, this number shouldalways remain 0. If it is nonzero, there is a software bug.
• Aged packets—Number of packets that remained in shared packet SDRAMso long that the system automatically purged them. The value in this fieldshould never increment. If it does, it is most likely a software bug or possiblymalfunctioning hardware.
• FIFO errors—Number of FIFO errors in the send direction as reported by theASIC on the PIC. If this value is ever nonzero, the PIC is probablymalfunctioning.
• HS link CRC errors—Number of errors on the high-speed links between theASICs responsible for handling the router interfaces.
• MTUerrors—NumberofpacketswhosesizeexceededtheMTUof the interface.
• Resource errors—Sum of transmit drops.
Output errors
detail extensiveTotal number of egress queues supported on the specified interface.
NOTE: InDPCs thatarenotof theenhanced type, suchasDPC40x 1GER,DPCE20x 1GE + 2x 10GE R, or DPCE 40x 1GE R, youmight notice a discrepancy in theoutput of the show interfaces command because incoming packets might becounted in the Egress queues section of the output. This problem occurs onnon-enhanced DPCs because the egress queue statistics are polled from IMQ(Inbound Message Queuing) block of the I-chip. The IMQ block does notdifferentiate between ingress and egressWAN traffic; as a result, the combinedstatistics are displayed in the egress queue counters on the Routing Engine. Ina simple VPLS scenorio, if there is no MAC entry in DMAC table (by sendingunidirectional traffic), traffic is floodedand the input traffic is accounted in IMQ.For bidirectional traffic (MAC entry in DMAC table), if the outgoing interface ison the same I-chip then both ingress and egress statistics are counted in acombinedway. If the outgoing interface is on a different I-chip or FPC, then onlyegress statistics are accounted in IMQ. This behavior is expected withnon-enhanced DPCs
Egress queues
detail extensiveCoS queue number and its associated user-configured forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Droppedpackets—Numberofpacketsdroppedby theASIC'sREDmechanism.
Queue counters(Egress)
517Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveTotal number of ingress queues supported on the specified interface. Displayedon IQ2 interfaces.
Ingress queues
extensiveCoS queue number and its associated user-configured forwarding class name.Displayed on IQ2 interfaces.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Droppedpackets—Numberofpacketsdroppedby theASIC'sREDmechanism.
Queue counters(Ingress)
detail extensive noneEthernet-specific defects that can prevent the interface from passing packets.When a defect persists for a certain amount of time, it is promoted to an alarm.Based on the routing device configuration, an alarm can ring the red or yellowalarm bell on the routing device, or turn on the red or yellow alarm LED on thecraft interface. These fields can contain the value None or Link.
• None—There are no active defects or alarms.
• Link—Interface has lost its link state, which usually means that the cable isunplugged, the far-end system has been turned off, or the PIC ismalfunctioning.
Active alarms andActive defects
The forward error correction (FEC) counters provide the following statistics:.
• Corrected Errors—The count of corrected errors in the last second.
• Corrected Error Ratio—The corrected error ratio in the last 25 seconds. Forexample, 1e-7 is 1 error per 10 million bits.
OTN FEC statistics
detail extensive(10-Gigabit Ethernet interfaces) Displays Physical Coding Sublayer (PCS) faultconditions from theWAN PHY or the LAN PHY device.
• Bit errors—The number of seconds during which at least one bit error rate(BER) occurred while the PCS receiver is operating in normal mode.
• Errored blocks—The number of seconds when at least one errored blockoccurred while the PCS receiver is operating in normal mode.
PCS statistics
Copyright © 2018, Juniper Networks, Inc.518
Broadband Subscriber ManagementWholesale Feature Guide
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveReceive and Transmit statistics reported by the PIC'sMAC subsystem, includingthe following:
• Total octets and total packets—Total number of octets and packets. ForGigabit Ethernet IQ PICs, the received octets count varies by interface type.For more information, see Table 31 under the show interfaces command.
• Unicastpackets,Broadcastpackets,andMulticastpackets—Numberofunicast,broadcast, andmulticast packets.
• CRC/Align errors—Total number of packets received that had a length(excluding framing bits, but including FCS octets) of between 64 and 1518octets, inclusive, and had either a bad FCSwith an integral number of octets(FCS Error) or a bad FCS with a nonintegral number of octets (AlignmentError).
• FIFO error—Number of FIFO errors that are reported by the ASIC on the PIC.If this value is ever nonzero, the PIC or a cable is probably malfunctioning.
• MAC control frames—Number of MAC control frames.
• MAC pause frames—Number of MAC control frames with pause operationalcode.
• Oversized frames—Number of frames that exceed 1518 octets.
• Jabberframes—Numberof frames thatwere longer than 1518octets (excludingframing bits, but including FCS octets), and had either an FCS error or analignment error. This definition of jabber is different from the definition inIEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). Thesedocuments define jabber as the condition in which any packet exceeds 20ms. The allowed range to detect jabber is from 20ms to 150ms.
• Fragment frames—Total number of packets that were less than 64 octets inlength (excluding framing bits, but including FCS octets), and had either anFCSerrororanalignmenterror. Fragment framesnormally incrementbecauseboth runts (which are normal occurrences caused by collisions) and noisehits are counted.
• VLAN tagged frames—Number of frames that are VLAN tagged. The systemuses theTPIDof0x8100 in the frame todeterminewhether a frame is taggedor not.
• Codeviolations—Number of times an event caused thePHY to indicate “Datareception error” or “invalid data symbol error.”
MAC statistics
extensiveAPS/PCC0:0x02, APS/PCC1: 0x11, APS/PCC2: 0x47, APS/PCC3: 0x58PayloadType: 0x08
OTNReceivedOverhead Bytes
extensiveAPS/PCC0: 0x00, APS/PCC1: 0x00, APS/PCC2: 0x00, APS/PCC3: 0x00Payload Type: 0x08
OTN TransmittedOverhead Bytes
519Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveReceive and Transmit statistics reported by the PIC's MAC address filtersubsystem. The filtering is done by the content-addressable memory (CAM)on thePIC.The filter examinesapacket's sourceanddestinationMACaddressesto determine whether the packet should enter the system or be rejected.
• Input packet count—Number of packets received from the MAC hardwarethat the filter processed.
• Input packet rejects—Number of packets that the filter rejected because ofeither the source MAC address or the destination MAC address.
• Input DA rejects—Number of packets that the filter rejected because thedestination MAC address of the packet is not on the accept list. It is normalfor this value to increment. When it increments very quickly and no traffic isentering the routingdevice from the far-end system, either there is a badARPentry on the far-end system, or multicast routing is not on and the far-endsystem is sendingmanymulticast packets to the local routing device (whichthe routing device is rejecting).
• Input SA rejects—Number of packets that the filter rejected because thesource MAC address of the packet is not on the accept list. The value in thisfield should increment only if sourceMACaddress filtering has been enabled.If filtering is enabled, if the value increments quickly, and if the system is notreceiving traffic that it should from the far-end system, it means that theuser-configured source MAC addresses for this interface are incorrect.
• Output packet count—Number of packets that the filter has given to theMAChardware.
• Output packet pad count—Number of packets the filter padded to theminimum Ethernet size (60 bytes) before giving the packet to the MAChardware. Usually, padding is doneonly on small ARPpackets, but someverysmall IP packets can also require padding. If this value increments rapidly,either the system is trying to find anARPentry for a far-end system that doesnot exist or it is misconfigured.
• Output packet error count—Number of packets with an indicated error thatthe filter was given to transmit. These packets are usually aged packets orare the result of a bandwidth problem on the FPC hardware. On a normalsystem, the value of this field should not increment.
• CAMdestination filters, CAM source filters—Number of entries in the CAMdedicated to destination and source MAC address filters. There can only beup to 64 source entries. If source filtering is disabled, which is the default, thevalues for these fields should be 0.
Filter statistics
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) SONET error information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• PHY Lock—Phase-locked loop
• PHY Light—Loss of optical signal
PMAPHY
Copyright © 2018, Juniper Networks, Inc.520
Broadband Subscriber ManagementWholesale Feature Guide
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) SONET error information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• BIP-B1—Bit interleaved parity for SONET section overhead
• SEF—Severely errored framing
• LOL—Loss of light
• LOF—Loss of frame
• ES-S—Errored seconds (section)
• SES-S—Severely errored seconds (section)
• SEFS-S—Severely errored framing seconds (section)
WIS section
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) Active alarms and defects,plus counts of specific SONET errors with detailed information.
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. State other thanOK indicates a problem.
Subfields are:
• BIP-B2—Bit interleaved parity for SONET line overhead
• REI-L—Remote error indication (near-end line)
• RDI-L—Remote defect indication (near-end line)
• AIS-L—Alarm indication signal (near-end line)
• BERR-SF—Bit error rate fault (signal failure)
• BERR-SD—Bit error rate defect (signal degradation)
• ES-L—Errored seconds (near-end line)
• SES-L—Severely errored seconds (near-end line)
• UAS-L—Unavailable seconds (near-end line)
• ES-LFE—Errored seconds (far-end line)
• SES-LFE—Severely errored seconds (far-end line)
• UAS-LFE—Unavailable seconds (far-end line)
WIS line
521Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) Active alarms and defects,plus counts of specific SONET errors with detailed information.
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• BIP-B3—Bit interleaved parity for SONET section overhead
• REI-P—Remote error indication
• LOP-P—Loss of pointer (path)
• AIS-P—Path alarm indication signal
• RDI-P—Path remote defect indication
• UNEQ-P—Path unequipped
• PLM-P—Path payload (signal) label mismatch
• ES-P—Errored seconds (near-end STS path)
• SES-P—Severely errored seconds (near-end STS path)
• UAS-P—Unavailable seconds (near-end STS path)
• SES-PFE—Severely errored seconds (far-end STS path)
• UAS-PFE—Unavailable seconds (far-end STS path)
WIS path
Copyright © 2018, Juniper Networks, Inc.522
Broadband Subscriber ManagementWholesale Feature Guide
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInformation about link autonegotiation.
• Negotiation status:
• Incomplete—Ethernet interface has the speed or link mode configured.
• Noautonegotiation—RemoteEthernet interfacehas thespeedor linkmodeconfigured, or does not perform autonegotiation.
• Complete—Ethernet interface is connected to a device that performsautonegotiation and the autonegotiation process is successful.
• Linkpartner status—OKwhenEthernet interface is connected to adevice thatperforms autonegotiation and the autonegotiation process is successful.
• Link partner:
• Linkmode—Depending on the capability of the attached Ethernet device,either Full-duplex or Half-duplex.
• Flow control—Types of flow control supported by the remote Ethernetdevice. For Fast Ethernet interfaces, the type is None. For Gigabit Ethernetinterfaces, types are Symmetric (link partner supports PAUSE on receiveand transmit),Asymmetric (link partner supportsPAUSEon transmit), andSymmetric/Asymmetric (link partner supports both PAUSE on receive andtransmit or only PAUSE receive).
• Remote fault—Remote fault information from the link partner—Failureindicates a receive link error.OK indicates that the link partner is receiving.Negotiation error indicates a negotiation error.Offline indicates that thelink partner is going offline.
• Local resolution—Information from the link partner:
• Flow control—Types of flow control supported by the remote Ethernetdevice. For Gigabit Ethernet interfaces, types are Symmetric (link partnersupportsPAUSEon receiveandtransmit),Asymmetric (linkpartner supportsPAUSE on transmit), and Symmetric/Asymmetric (link partner supportsboth PAUSE on receive and transmit or only PAUSE receive).
• Remote fault—Remote fault information. Link OK (no error detected onreceive),Offline (local interface is offline), and Link Failure (link errordetected on receive).
Autonegotiationinformation
extensive(10-Gigabit Ethernet interfaces,WANPHYmode)SONET/SDH interfacesallowpath tracebytes tobesent inbandacross theSONET/SDH link. JuniperNetworksand other routing device manufacturers use these bytes to help diagnosemisconfigurations and network errors by setting the transmitted path tracemessage so that it contains the system hostname and name of the physicalinterface. The receivedpath trace value is themessage received fromthe routingdevice at the other end of the fiber. The transmitted path trace value is themessage that this routing device transmits.
Received pathtrace, Transmittedpath trace
extensiveInformation about the configuration of the Packet Forwarding Engine:
• Destination slot—FPC slot number.
Packet ForwardingEngineconfiguration
523Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInformation about the CoS queue for the physical interface.
• CoS transmit queue—Queue number and its associated user-configuredforwarding class name.
• Bandwidth%—Percentage of bandwidth allocated to the queue.
• Bandwidth bps—Bandwidth allocated to the queue (in bps).
• Buffer%—Percentage of buffer space allocated to the queue.
• Bufferusec—Amountofbuffer spaceallocated to thequeue, inmicroseconds.This value is nonzero only if the buffer size is configured in terms of time.
• Priority—Queue priority: low or high.
• Limit—Displayed if rate limiting is configured for the queue. Possible valuesare none and exact. If exact is configured, the queue transmits only up to theconfigured bandwidth, even if excess bandwidth is available. If none isconfigured, the queue transmits beyond the configured bandwidth ifbandwidth is available.
CoS information
Logical Interface
All levelsName of the logical interface.Logical interface
detail extensive noneIndex number of the logical interface, which reflects its initialization sequence.Index
detail extensive noneSNMP interface index number for the logical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsInformation about the logical interface. Possible values are described in the“Logical Interface Flags” section under Common Output Fields Description.
Flags
brief detail extensivenone
Rewrite profile applied to incoming or outgoing frameson the outer (Out) VLANtag or for both the outer and inner (In) VLAN tags.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• pop—The outer VLAN tag of the incoming frame is removed.
• swap—Theouter VLAN tag of the incoming frame is overwrittenwith the userspecified VLAN tag information.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• push-push—Two VLAN tags are pushed in from the incoming frame.
• swap-push—The outer VLAN tag of the incoming frame is replaced by auser-specified VLAN tag value. A user-specified outer VLAN tag is pushed infront. The outer tag becomes an inner tag in the final frame.
• swap-swap—Both the inner and the outer VLAN tags of the incoming frameare replaced by the user specified VLAN tag value.
• pop-swap—The outer VLAN tag of the incoming frame is removed, and theinner VLAN tag of the incoming frame is replaced by the user-specifiedVLANtag value. The inner tag becomes the outer tag in the final frame.
• pop-pop—Both the outer and inner VLAN tags of the incoming frame areremoved.
VLAN-Tag
Copyright © 2018, Juniper Networks, Inc.524
Broadband Subscriber ManagementWholesale Feature Guide
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneIP demultiplexing (demux) value that appears if this interface is used as thedemux underlying interface. The output is one of the following:
• Source Family Inet
• Destination Family Inet
Demux:
All levelsEncapsulation on the logical interface.Encapsulation
detail extensive noneProtocol family. Possible values are described in the “Protocol Field” sectionunder Common Output Fields Description.
Protocol
detail extensive noneMaximum transmission unit size on the logical interface.MTU
detail extensive noneMaximum number of MPLS labels configured for the MPLS protocol family onthe logical interface.
Maximum labels
detail extensiveNumberand rateofbytesandpackets receivedand transmittedon the specifiedinterface set.
• Input bytes, Output bytes—Number of bytes received and transmitted on theinterface set
• Input packets, Output packets—Number of packets received and transmittedon the interface set.
Traffic statistics
extensiveNumber of IPv6 transit bytes and packets received and transmitted on thelogical interface if IPv6 statistics tracking is enabled.
IPv6 transitstatistics
extensiveNumber and rate of bytes and packets destined to the routing device.Local statistics
extensiveNumber and rate of bytes and packets transiting the switch.
NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logicalinterface egress statistics might not accurately reflect the traffic on the wirewhen output shaping is applied. Traffic management output shaping mightdrop packets after they are tallied by theOutput bytes andOutput packetsinterface counters. However, correct values display for both of these egressstatistics when per-unit scheduling is enabled for the Gigabit Ethernet IQ2physical interface, or when a single logical interface is actively using a sharedscheduler.
Transit statistics
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensive noneRoute table in which the logical interface address is located. For example, 0refers to the routing table inet.0.
Route Table
detail extensiveInformation about protocol family flags. Possible values are described in the“Family Flags” section under Common Output Fields Description.
Flags
detail extensive none(UnnumberedEthernet) Interface fromwhichanunnumberedEthernet interfaceborrows an IPv4 address.
Donor interface
525Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 24: show interfaces Fast Ethernet Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive none(UnnumberedEthernet)Secondary IPv4addressof thedonor loopback interfacethatactsas thepreferredsourceaddress for theunnumberedEthernet interface.
Preferred sourceaddress
detail extensiveNames of any input filters applied to this interface. If you specify a precedencevalue for any filter in a dynamic profile, filter precedence values appear inparenthesis next to all interfaces.
Input Filters
detail extensiveNamesof any output filters applied to this interface. If you specify a precedencevalue for any filter in a dynamic profile, filter precedence values appear inparenthesis next to all interfaces.
Output Filters
detail extensive noneNumber of MAC address validation failures for packets and bytes. This field isdisplayed when MAC address validation is enabled for the logical interface.
Mac-ValidateFailures
detail extensive noneInformation about the address flags. Possible values are described in the“Addresses Flags” section under Common Output Fields Description.
Addresses, Flags
briefProtocol family configured on the logical interface. If the protocol is inet, the IPaddress of the interface is also displayed.
protocol-family
detail extensive noneInformationaboutaddress flag (possible valuesaredescribed in the “AddressesFlags” section under Common Output Fields Description.
Flags
detail extensive noneIP address of the remote side of the connection.Destination
detail extensive noneIP address of the logical interface.Local
detail extensive noneBroadcast address of the logical interlace.Broadcast
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
Sample Output
show interfaces (Fast Ethernet)
user@host> show interfaces fe-0/0/0Physical interface: fe-0/0/0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 22 Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 CoS queues : 4 supported, 4 maximum usable queues Current address: 00:00:5e:00:53:38, Hardware address: 00:00:5e:00:53:38 Last flapped : 2006-01-20 14:50:58 PST (2w4d 00:44 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : None Active defects : None Logical interface fe-0/0/0.0 (Index 66) (SNMP ifIndex 198) Flags: SNMP-Traps Encapsulation: ENET2
Copyright © 2018, Juniper Networks, Inc.526
Broadband Subscriber ManagementWholesale Feature Guide
Protocol inet, MTU: 1500 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113/24, Local: 203.0.113.1, Broadcast: 203.0.113.255
show interfaces brief (Fast Ethernet)
user@host> show interfaces fe-0/0/0 briefPhysical interface: fe-0/0/0, Enabled, Physical link is Up Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Logical interface fe-0/0/0.0 Flags: SNMP-Traps Encapsulation: ENET2 inet 203.0.113.1/24
show interfaces detail (Fast Ethernet)
user@host> show interfaces fe-0/0/0 detailPhysical interface: fe-0/0/0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 22, Generation: 5391 Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 CoS queues : 4 supported, 4 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:38, Hardware address: 00:00:5e:00:53:3f:38 Last flapped : 2006-01-20 14:50:58 PST (2w4d 00:45 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 42 0 bps Input packets: 0 0 pps Output packets: 1 0 pps Active alarms : None Active defects : None Logical interface fe-0/0/0.0 (Index 66) (SNMP ifIndex 198) (Generation 67) Flags: SNMP-Traps Encapsulation: ENET2 Protocol inet, MTU: 1500, Generation: 105, Route table: 0 Flags: Is-Primary, Mac-Validate-Strict Mac-Validate Failures: Packets: 0, Bytes: 0 Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113/24, Local: 203.0.113.1, Broadcast: 203.0.113.255, Generation: 136
show interfaces extensive (Fast Ethernet)
user@host> show interfaces fe-0/0/0 extensivePhysical interface: fe-0/0/0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 22, Generation: 5391 Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 100mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 CoS queues : 4 supported, 4 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:38, Hardware address: 00:00:5e:00:53:38
527Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Last flapped : 2006-01-20 14:50:58 PST (2w4d 00:46 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 42 0 bps Input packets: 0 0 pps Output packets: 1 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 3, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Active alarms : None Active defects : None MAC statistics: Receive Transmit Total octets 0 64 Total packets 0 1 Unicast packets 0 0 Broadcast packets 0 1 Multicast packets 0 0 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0Filter statistics: Input packet count 0 Input packet rejects 0 Input DA rejects 0 Input SA rejects 0 Output packet count 1 Output packet pad count 0 Output packet error count 0 CAM destination filters: 1, CAM source filters: 0 Autonegotiation information: Negotiation status: Complete Link partner: Link partner: Full-duplex, Flow control: None, Remote fault: Ok Local resolution:Packet Forwarding Engine configuration: Destination slot: 0CoS information: Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none Logical interface fe-0/0/0.0 (Index 66) (SNMP ifIndex 198) (Generation 67) Flags: SNMP-Traps Encapsulation: ENET2 Protocol inet, MTU: 1500, Generation: 105, Route table: 0 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113/24, Local: 203.0.113.1, Broadcast: 203.0.113.255,
Generation: 136
Copyright © 2018, Juniper Networks, Inc.528
Broadband Subscriber ManagementWholesale Feature Guide
529Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show interfaces
List of Syntax Syntax (Gigabit Ethernet) on page 530
Syntax (10 Gigabit Ethernet) on page 530
Syntax (SRX Series Devices) on page 530
Syntax (GigabitEthernet)
show interfaces ge-fpc/pic/port<brief | detail | extensive | terse><descriptions><media><snmp-index snmp-index><statistics>
Syntax (10 GigabitEthernet)
show interfaces xe-fpc/pic/port<brief | detail | extensive | terse><descriptions><media><snmp-index snmp-index><statistics>
Syntax (SRX SeriesDevices)
show interfaces (<interface-name><brief | detail | extensive | terse><controller interface-name>|<descriptions interface-name>|<destination-class (all | destination-class-name logical-interface-name)>|<diagnostics optics interface-name>|<far-end-interval interface-fpc/pic/port>|<filters interface-name>|<flow-statistics interface-name>|<interval interface-name>|<load-balancing (detail | interface-name)>|<mac-databasemac-addressmac-address>|<mc-ae id identifier unit number revertive-info>|<media interface-name>|<policers interface-name>|<queueboth-ingress-egressegress forwarding-class forwarding-class ingress l2-statistics>|<redundancy (detail | interface-name)>|<routing brief detail summary interface-name>|<routing-instance (all | instance-name)>|<snmp-index snmp-index>|<source-class (all | destination-class-name logical-interface-name)>|<statistics interface-name>|<switch-port switch-port number>|<transport pm (all | optics | otn) (all | current | currentday | interval | previousday) (all |interface-name)>|
<zone interface-name>)
Release Information Command introduced before Junos OS Release 7.4 for Gigabit interfaces.
Command introduced in Junos OS Release 8.0 for 10 Gigabit interfaces.
Commandmodified in Junos OS Release 9.5 for SRX Series devices.
Copyright © 2018, Juniper Networks, Inc.530
Broadband Subscriber ManagementWholesale Feature Guide
Command introduced in Junos OS Release 18.1 for Gigabit interfaces.
Description Display status information about the specified Gigabit Ethernet interface.
(M320, M120, MX Series, and T Series routers only) Display status information about the
specified 10-Gigabit Ethernet interface.
Display the IPv6 interface traffic statistics about the specified Gigabit Ethernet interface
for MX series routers. The input and output bytes (bps) and packets (pps) rates are not
displayed for IFD and local traffic.
Display status informationandstatisticsabout interfacesonSRXSeriesappliance running
Junos OS.
NOTE: On SRX Series appliances, on configuring identical IPs on a singleinterface, you will not see a warningmessage; instead, you will see a syslogmessage.
Options For Gigabit interfaces:
ge-fpc/pic/port—Display standard information about the specified Gigabit Ethernet
interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about network interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP index
of the interface.
statistics—(Optional) Display static interface statistics.
For 10 Gigabit interfaces:
xe-fpc/pic/port—Display standard information about the specified 10-Gigabit Ethernet
interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about network interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP index
of the interface.
statistics—(Optional) Display static interface statistics.
For SRX interfaces:
531Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
• interface-name—(Optional)Display standard informationabout thespecified interface.
Following is a list of typical interface names. Replace pimwith the PIM slot and port
with the port number.
• at- pim/0/port—ATM-over-ADSL or ATM-over-SHDSL interface.
• ce1-pim/0/ port—Channelized E1 interface.
• cl-0/0/8—3Gwireless modem interface for SRX320 devices.
• ct1-pim/0/port—Channelized T1 interface.
• dl0—Dialer Interface for initiating ISDN and USBmodem connections.
• e1-pim/0/port—E1 interface.
• e3-pim/0/port—E3 interface.
• fe-pim/0/port—Fast Ethernet interface.
• ge-pim/0/port—Gigabit Ethernet interface.
• se-pim/0/port—Serial interface.
• t1-pim/0/port—T1 (also called DS1) interface.
• t3-pim/0/port—T3 (also called DS3) interface.
• wx-slot/0/0—WAN acceleration interface, for theWXC Integrated Services Module
(ISM 200).
• interface-name—(Optional) Display standard information about the specified
interface. Following is a list of typical interface names. Replace pimwith the PIM
slot and port with the port number.
• at- pim/0/port—ATM-over-ADSL or ATM-over-SHDSL interface.
• ce1-pim/0/ port—Channelized E1 interface.
• cl-0/0/8—3Gwireless modem interface for SRX320 devices.
• ct1-pim/0/port—Channelized T1 interface.
• dl0—Dialer Interface for initiating ISDN and USBmodem connections.
• e1-pim/0/port—E1 interface.
• e3-pim/0/port—E3 interface.
• fe-pim/0/port—Fast Ethernet interface.
• ge-pim/0/port—Gigabit Ethernet interface.
• se-pim/0/port—Serial interface.
• t1-pim/0/port—T1 (also called DS1) interface.
Copyright © 2018, Juniper Networks, Inc.532
Broadband Subscriber ManagementWholesale Feature Guide
• t3-pim/0/port—T3 (also called DS3) interface.
• wx-slot/0/0—WANacceleration interface, for theWXC IntegratedServicesModule
(ISM 200).
Additional Information In a logical system, this command displays information only about the logical interfaces
and not about the physical interfaces.
Required PrivilegeLevel
view
RelatedDocumentation
Understanding Layer 2 Interfaces on Security Devices•
• Verifying and Managing Agent Circuit Identifier-Based Dynamic VLAN Configuration
• Verifying and Managing Configurations for Dynamic VLANs Based on Access-Line
Identifiers
List of Sample Output show interfaces (Gigabit Ethernet) on page 570show interfaces (Gigabit Ethernet onMX Series Routers) on page 570show interfaces (link degrade status) on page 571show interfaces extensive (Gigabit Ethernet onMX Series Routers showing interfacetransmit statistics configuration) on page 571show interfaces brief (Gigabit Ethernet) on page 572show interfaces detail (Gigabit Ethernet) on page 572show interfaces extensive (Gigabit Ethernet IQ2) on page 574show interfaces (Gigabit Ethernet Unnumbered Interface) on page 577show interfaces (ACI Interface Set Configured) on page 577show interfaces (ALI Interface Set) on page 577show interfaces extensive (10-Gigabit Ethernet, LAN PHYMode, IQ2) on page 578show interfaces extensive (10-Gigabit Ethernet, WANPHYMode) on page 580show interfaces extensive (10-Gigabit Ethernet, DWDMOTNPIC) on page 582show interfaces extensive (10-Gigabit Ethernet, LAN PHYMode, UnidirectionalMode) on page 584show interfaces extensive (10-Gigabit Ethernet, LANPHYMode, UnidirectionalMode,Transmit-Only) on page 585show interfaces extensive (10-Gigabit Ethernet, LANPHYMode, UnidirectionalMode,Receive-Only) on page 586Sample Output SRXGigabit Ethernet on page 587Sample Output SRXGigabit Ethernet on page 587show interfaces detail (Gigabit Ethernet) on page 588show interfaces statistics st0.0 detail on page 590show interfaces extensive (Gigabit Ethernet) on page 591show interfaces terse on page 593show interfaces controller (Channelized E1 IQwith Logical E1) on page 594show interfaces controller (Channelized E1 IQwith Logical DS0) on page 594show interfaces descriptions on page 594show interfaces destination-class all on page 594
533Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show interfaces diagnostics optics on page 595show interfaces far-end-interval coc12-5/2/0 on page 595show interfaces far-end-interval coc1-5/2/1:1 on page 596show interfaces filters on page 596show interfaces flow-statistics (Gigabit Ethernet) on page 596show interfaces interval (Channelized OC12) on page 597show interfaces interval (E3) on page 598show interfaces interval (SONET/SDH) (SRX devices) on page 598show interfaces load-balancing (SRX devices) on page 598show interfaces load-balancing detail (SRX devices) on page 599showinterfacesmac-database(AllMACAddressesonaPortSRXdevices)onpage599show interfacesmac-database (All MAC Addresses on a Service SRXdevices) on page 599show interfacesmac-databasemac-address on page 600show interfacesmc-ae (SRX devices) on page 600show interfacesmedia (SONET/SDH) on page 600show interfaces policers (SRX devices) on page 601show interfaces policers interface-name (SRX devices) on page 601show interfaces queue (SRX devices) on page 601show interfaces redundancy (SRX devices) on page 602show interfaces redundancy (Aggregated Ethernet SRX devices) on page 603show interfaces redundancy detail (SRX devices) on page 603show interfaces routing brief (SRX devices) on page 603show interfaces routing detail (SRX devices) on page 603show interfaces routing-instance all (SRX devices) on page 604show interfaces snmp-index (SRX devices) on page 604show interfaces source-class all (SRX devices) on page 604show interfaces statistics (Fast Ethernet SRX devices) on page 605show interfaces switch-port (SRX devices) on page 605show interfaces transport pm (SRX devices) on page 606show security zones (SRX devices) on page 607
Output Fields Table25onpage534describes theoutput fields for the showinterfaces (Gigabit Ethernet)
command. Output fields are listed in the approximate order in which they appear. For
Gigabit Ethernet IQ and IQE PICs, the traffic and MAC statistics vary by interface type.
For more information, see Table 26 on page 562.
Table 25: show interfaces (Gigabit Ethernet) Output Fields
Level of OutputField DescriptionField Name
Physical Interface
All levelsName of the physical interface.Physical interface
All levelsState of the interface. Possible values are described in the “Enabled Field”section under Common Output Fields Description.
Enabled
detail extensive noneIndexnumber of thephysical interface,which reflects its initialization sequence.Interface index
detail extensive noneSNMP index number for the physical interface.SNMP ifIndex
Copyright © 2018, Juniper Networks, Inc.534
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsEncapsulation being used on the physical interface.Link-level type
All levelsMaximum transmission unit size on the physical interface.MTU
All levelsSpeed at which the interface is running.Speed
All levelsLoopback status: Enabled or Disabled. If loopback is enabled, type of loopback:Local or Remote.
Loopback
All levelsSource filtering status: Enabled or Disabled.Source filtering
All levels10-Gigabit Ethernet interface operating in Local Area Network Physical LayerDevice (LAN PHY)mode. LAN PHY allows 10-Gigabit Ethernet wide area linksto use existing Ethernet applications.
LAN-PHYmode
All levels10-Gigabit Ethernet interface operating inWide Area Network Physical LayerDevice (WANPHY)mode.WANPHYallows 10-Gigabit Ethernetwide area linksto use fiber-optic cables and other devices intended for SONET/SDH.
WAN-PHYmode
All levelsUnidirectional link mode status for 10-Gigabit Ethernet interface: Enabled orDisabled for parent interface; Rx-only or Tx-only for child interfaces.
Unidirectional
All levelsFlow control status: Enabled or Disabled.Flow control
All levels(Gigabit Ethernet interfaces) Autonegotiation status: Enabled or Disabled.Auto-negotiation
All levels(Gigabit Ethernet interfaces) Remote fault status:
• Online—Autonegotiation is manually configured as online.
• Offline—Autonegotiation is manually configured as offline.
Remote-fault
All levelsInformation about the physical device. Possible values are described in the“Device Flags” section under Common Output Fields Description.
Device flags
All levelsInformation about the interface. Possible values are described in the “InterfaceFlags” section under Common Output Fields Description.
Interface flags
All levelsInformation about the link. Possible values are described in the “Links Flags”section under Common Output Fields Description.
Link flags
All levels(10-Gigabit Ethernet dense wavelength-division multiplexing [DWDM]interfaces) Displays the configured wavelength, in nanometers (nm).
Wavelength
All levels(10-Gigabit Ethernet DWDM interfaces only) Displays the frequency associatedwith the configured wavelength, in terahertz (THz).
Frequency
detail extensive noneNumber of CoS queues configured.CoS queues
535Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensive(Gigabit Ethernet intelligent queuing 2 [IQ2] interfaces only) Number of CoSschedulers configured.
Schedulers
detail extensiveCurrent interface hold-time up and hold-time down, in milliseconds (ms).Hold-times
detail extensive noneConfigured MAC address.Current address
detail extensive noneHardware MAC address.Hardware address
detail extensive noneDate, time, and how long ago the interface went from down to up. The formatisLast flapped:year-month-dayhour:minute:second:timezone (hour:minute:secondago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Last flapped
NoneInput rate in bits per second (bps) and packets per second (pps). The value inthis field also includes the Layer 2 overhead bytes for ingress traffic on Ethernetinterfaces if you enable accounting of Layer 2 overhead at the PIC level or thelogical interface level.
Input Rate
NoneOutput rate in bps and pps. The value in this field also includes the Layer 2overheadbytes for egress traffic onEthernet interfaces if youenableaccountingof Layer 2 overhead at the PIC level or the logical interface level.
Output Rate
detail extensiveTime when the statistics for the interface were last set to zero.Statistics last cleared
detail extensiveLayer 2 overhead in bytes that is accounted in the interface statistics for egresstraffic.
Egress accountoverhead
detail extensiveLayer 2 overhead in bytes that is accounted in the interface statistics for ingresstraffic.
Ingress accountoverhead
detail extensiveNumber and rate of bytes andpackets receivedand transmittedon thephysicalinterface.
• Input bytes—Number of bytes received on the interface. The value in this fieldalso includes the Layer 2 overhead bytes for ingress traffic on Ethernetinterfaces if you enable accounting of Layer 2 overhead at the PIC level orthe logical interface level.
• Output bytes—Number of bytes transmitted on the interface. The value inthis fieldalso includes theLayer 2overheadbytes for egress traffic onEthernetinterfaces if you enable accounting of Layer 2 overhead at the PIC level orthe logical interface level.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Gigabit Ethernet and 10-Gigabit Ethernet IQ PICs count the overhead and CRCbytes.
For Gigabit Ethernet IQ PICs, the input byte counts vary by interface type. Formore information, see Table 31 under the show interfaces command.
Traffic statistics
Copyright © 2018, Juniper Networks, Inc.536
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInput errors on the interface. The following paragraphs explain the counterswhosemeaning might not be obvious:
• Errors—Sum of the incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O ManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• Framing errors—Number of packets receivedwith an invalid frame checksum(FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Policed discards—Number of frames that the incoming packet match codediscarded because they were not recognized or not of interest. Usually, thisfield reports protocols that Junos OS does not handle.
• L3 incompletes—Number of incoming packets discarded because they failedLayer 3 (usually IPv4) sanity checks of the header. For example, a framewithless than 20 bytes of available IP header is discarded. L3 incomplete errorscan be ignored by configuring the ignore-l3-incompletes statement.
• L2 channel errors—Number of times the software did not find a valid logicalinterface for an incoming frame.
• L2mismatch timeouts—Number of malformed or short packets that causedthe incoming packet handler to discard the frame as unreadable.
• FIFO errors—Number of FIFO errors in the receive direction that are reportedby the ASIC on the PIC. If this value is ever nonzero, the PIC is probablymalfunctioning.
• Resource errors—Sum of transmit drops.
Input errors
537Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveOutput errors on the interface. The following paragraphs explain the counterswhosemeaning might not be obvious:
• Carrier transitions—Number of times the interface has gone from down to up.This number does not normally increment quickly, increasing only when thecable is unplugged, the far-end system is powered down and then up, oranotherproblemoccurs. If thenumberof carrier transitions incrementsquickly(perhaps once every 10 seconds), the cable, the far-end system, or the PICor PIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
NOTE: Due to accounting space limitations on certain Type 3 FPCs (whichare supported in M320 and T640 routers), the Drops field does not alwaysuse thecorrect value forqueue6orqueue7 for interfaceson 10-port 1-GigabitEthernet PICs.
• Collisions—Number of Ethernet collisions. TheGigabit Ethernet PIC supportsonly full-duplex operation, so for Gigabit Ethernet PICs, this number mustalways be 0. If it is nonzero, there is a software bug.
• Aged packets—Number of packets that remained in shared packet SDRAMso long that the system automatically purged them. The value in this fieldmust never increment. If it does, it is most likely a software bug or possiblymalfunctioning hardware.
• FIFO errors—Number of FIFO errors in the send direction as reported by theASIC on the PIC. If this value is ever nonzero, the PIC is probablymalfunctioning.
• HS link CRC errors—Number of errors on the high-speed links between theASICs responsible for handling the router interfaces.
• MTUerrors—NumberofpacketswhosesizeexceededtheMTUof the interface.
• Resource errors—Sum of transmit drops.
Output errors
detail extensiveTotal number of egress queues supported on the specified interface.
NOTE: InDPCs thatarenotof theenhanced type, suchasDPC40x 1GER,DPCE20x 1GE + 2x 10GE R, or DPCE 40x 1GE R, youmight notice a discrepancy in theoutput of the show interfaces command because incoming packets might becounted in the Egress queues section of the output. This problem occurs onnon-enhanced DPCs because the egress queue statistics are polled from IMQ(Inbound Message Queuing) block of the I-chip. The IMQ block does notdifferentiate between ingress and egressWAN traffic; as a result, the combinedstatistics are displayed in the egress queue counters on the Routing Engine. Ina simple VPLS scenario, if there is no MAC entry in DMAC table (by sendingunidirectional traffic), traffic is floodedand the input traffic is accounted in IMQ.For bidirectional traffic (MAC entry in DMAC table), if the outgoing interface ison the same I-chip then both ingress and egress statistics are counted in acombinedway. If the outgoing interface is on a different I-chip or FPC, then onlyegress statistics are accounted in IMQ. This behavior is expected withnon-enhanced DPCs
Egress queues
Copyright © 2018, Juniper Networks, Inc.538
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveCoS queue number and its associated user-configured forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Droppedpackets—Numberofpacketsdroppedby theASIC'sREDmechanism.
NOTE: Due to accounting space limitations on certain Type 3 FPCs (whichare supported inM320andT640 routers), theDroppedpackets fielddoesnotalways display the correct value for queue 6 or queue 7 for interfaces on10-port 1-Gigabit Ethernet PICs.
Queue counters(Egress)
extensiveTotal number of ingress queues supported on the specified interface. Displayedon IQ2 interfaces.
Ingress queues
extensiveCoS queue number and its associated user-configured forwarding class name.Displayed on IQ2 interfaces.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Droppedpackets—Numberofpacketsdroppedby theASIC'sREDmechanism.
Queue counters(Ingress)
detail extensive noneEthernet-specific defects that can prevent the interface from passing packets.When a defect persists for a certain amount of time, it is promoted to an alarm.Based on the router configuration, an alarm can ring the red or yellow alarmbell on the router, or turn on the red or yellow alarm LED on the craft interface.These fields can contain the value None or Link.
• None—There are no active defects or alarms.
• Link—Interface has lost its link state, which usually means that the cable isunplugged, the far-end system has been turned off, or the PIC ismalfunctioning.
Active alarms andActive defects
detail extensive(OnMXSeriesdevices)Statusof the interface-transmit-statisticsconfiguration:Enabled or Disabled.
• Enabled—When the interface-transmit-statistics statement is included in theconfiguration. If this is configured, the interface statistics show the actualtransmitted load on the interface.
• Disabled—When the interface-transmit-statistics statement is not includedin the configuration. If this is not configured, the interface statistics show theoffered load on the interface.
Interface transmitstatistics
detail extensiveThe forward error correction (FEC) counters provide the following statistics:
• Corrected Errors—Count of corrected errors in the last second.
• CorrectedErrorRatio—Correctederror ratio in the last 25seconds. For example,1e-7 is 1 error per 10 million bits.
OTN FEC statistics
539Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive(10-Gigabit Ethernet interfaces) Displays Physical Coding Sublayer (PCS) faultconditions from theWAN PHY or the LAN PHY device.
• Bit errors—Number of seconds during which at least one bit error rate (BER)occurred while the PCS receiver is operating in normal mode.
• Erroredblocks—Number of secondswhen at least one errored block occurredwhile the PCS receiver is operating in normal mode.
PCS statistics
detail extensiveShows the link degrade status of the physical link and the estimated bit errorrates (BERs). This field is available only for the PICs supporting the physical linkmonitoring feature.
• LinkMonitoring—Indicates if physical link degrademonitoring is enabled onthe interface.
• Enable—Indicates that link degrademonitoring has been enabled (usingthe link-degrade-monitor statement) on the interface.
• Disable—Indicates that link degrademonitoring has not been enabled onthe interface. If link degrademonitoring has not been enabled, the outputdoesnot showany related information, suchasBERvaluesand thresholds.
• Link Degrade Set Threshold—The BER threshold value at which the link isconsidered degraded and a corrective action is triggered.
• LinkDegradeClearThreshold—TheBERthreshold valueatwhich thedegradedlink is considered recovered and the corrective action applied to the interfaceis reverted.
• Estimated BER—The estimated bit error rate.
• Link-degrade event—Shows link degrade event information.
• Seconds—Time (in seconds) elapsed after a link degrade event occurred.
• Count—The number of link degrade events recorded.
• State—Shows the link degrade status (example: Defect Active).
Link Degrade
Copyright © 2018, Juniper Networks, Inc.540
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveReceive and Transmit statistics reported by the PIC'sMAC subsystem, includingthe following:
• Total octets and total packets—Total number of octets and packets. ForGigabit Ethernet IQ PICs, the received octets count varies by interface type.For more information, see Table 31 under the show interfaces command.
• Unicastpackets,Broadcastpackets,andMulticastpackets—Numberofunicast,broadcast, andmulticast packets.
• CRC/Align errors—Total number of packets received that had a length(excluding framing bits, but including FCS octets) of between 64 and 1518octets, inclusive, and had either a bad FCSwith an integral number of octets(FCS Error) or a bad FCS with a nonintegral number of octets (AlignmentError).
• FIFO error—Number of FIFO errors that are reported by the ASIC on the PIC.If this value is ever nonzero, the PIC or a cable is probably malfunctioning.
• MAC control frames—Number of MAC control frames.
• MAC pause frames—Number of MAC control frames with pause operationalcode.
• Oversized frames—There are two possible conditions regarding the numberof oversized frames:
• Packet length exceeds 1518 octets, or
• Packet length exceeds MRU
• Jabberframes—Numberof frames thatwere longer than 1518octets (excludingframing bits, but including FCS octets), and had either an FCS error or analignment error. This definition of jabber is different from the definition inIEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). Thesedocuments define jabber as the condition in which any packet exceeds 20ms. The allowed range to detect jabber is from 20ms to 150ms.
• Fragment frames—Total number of packets that were less than 64 octets inlength (excluding framing bits, but including FCS octets) and had either anFCSerrororanalignmenterror. Fragment framesnormally incrementbecauseboth runts (which are normal occurrences caused by collisions) and noisehits are counted.
• VLAN tagged frames—Number of frames that are VLAN tagged. The systemuses theTPIDof0x8100 in the frame todeterminewhether a frame is taggedor not.
NOTE: The20-portGigabitEthernetMIC(MIC-3D-20GE-SFP)doesnothavehardware counters for VLAN frames. Therefore, theVLAN tagged frames fielddisplays 0 when the show interfaces command is executed on a 20-portGigabit Ethernet MIC. In other words, the number of VLAN tagged framescannot be determined for the 20-port Gigabit Ethernet MIC.
• Codeviolations—Number of times an event caused thePHY to indicate “Datareception error” or “invalid data symbol error.”
MAC statistics
extensiveAPS/PCC0:0x02, APS/PCC1: 0x11, APS/PCC2: 0x47, APS/PCC3: 0x58PayloadType: 0x08
OTNReceivedOverhead Bytes
extensiveAPS/PCC0: 0x00, APS/PCC1: 0x00, APS/PCC2: 0x00, APS/PCC3: 0x00Payload Type: 0x08
OTN TransmittedOverhead Bytes
541Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveReceive and Transmit statistics reported by the PIC's MAC address filtersubsystem. The filtering is done by the content-addressable memory (CAM)on thePIC.The filter examinesapacket's sourceanddestinationMACaddressesto determine whether the packet may enter the system or be rejected.
• Input packet count—Number of packets received from the MAC hardwarethat the filter processed.
• Input packet rejects—Number of packets that the filter rejected because ofeither the source MAC address or the destination MAC address.
• Input DA rejects—Number of packets that the filter rejected because thedestination MAC address of the packet is not on the accept list. It is normalfor this value to increment. When it increments very quickly and no traffic isentering the router from the far-end system, either there is a bad ARP entryon the far-end system, or multicast routing is not on and the far-end systemis sending manymulticast packets to the local router (which the router isrejecting).
• Input SA rejects—Number of packets that the filter rejected because thesource MAC address of the packet is not on the accept list. The value in thisfield must increment only if source MAC address filtering has been enabled.If filtering is enabled, if the value increments quickly, and if the system is notreceiving traffic that it should from the far-end system, it means that theuser-configured source MAC addresses for this interface are incorrect.
• Output packet count—Number of packets that the filter has given to theMAChardware.
• Output packet pad count—Number of packets the filter padded to theminimum Ethernet size (60 bytes) before giving the packet to the MAChardware. Usually, padding is doneonly on small ARPpackets, but someverysmall IP packets can also require padding. If this value increments rapidly,either the system is trying to find anARPentry for a far-end system that doesnot exist or it is misconfigured.
• Output packet error count—Number of packets with an indicated error thatthe filter was given to transmit. These packets are usually aged packets orare the result of a bandwidth problem on the FPC hardware. On a normalsystem, the value of this field must not increment.
• CAMdestination filters, CAM source filters—Number of entries in the CAMdedicated to destination and source MAC address filters. There can only beup to 64 source entries. If source filtering is disabled, which is the default, thevalues for these fields must be 0.
Filter statistics
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) SONET error information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• PHY Lock—Phase-locked loop
• PHY Light—Loss of optical signal
PMAPHY
Copyright © 2018, Juniper Networks, Inc.542
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) SONET error information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• BIP-B1—Bit interleaved parity for SONET section overhead
• SEF—Severely errored framing
• LOL—Loss of light
• LOF—Loss of frame
• ES-S—Errored seconds (section)
• SES-S—Severely errored seconds (section)
• SEFS-S—Severely errored framing seconds (section)
WIS section
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) Active alarms and defects,plus counts of specific SONET errors with detailed information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• BIP-B2—Bit interleaved parity for SONET line overhead
• REI-L—Remote error indication (near-end line)
• RDI-L—Remote defect indication (near-end line)
• AIS-L—Alarm indication signal (near-end line)
• BERR-SF—Bit error rate fault (signal failure)
• BERR-SD—Bit error rate defect (signal degradation)
• ES-L—Errored seconds (near-end line)
• SES-L—Severely errored seconds (near-end line)
• UAS-L—Unavailable seconds (near-end line)
• ES-LFE—Errored seconds (far-end line)
• SES-LFE—Severely errored seconds (far-end line)
• UAS-LFE—Unavailable seconds (far-end line)
WIS line
543Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) Active alarms and defects,plus counts of specific SONET errors with detailed information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• BIP-B3—Bit interleaved parity for SONET section overhead
• REI-P—Remote error indication
• LOP-P—Loss of pointer (path)
• AIS-P—Path alarm indication signal
• RDI-P—Path remote defect indication
• UNEQ-P—Path unequipped
• PLM-P—Path payload (signal) label mismatch
• ES-P—Errored seconds (near-end STS path)
• SES-P—Severely errored seconds (near-end STS path)
• UAS-P—Unavailable seconds (near-end STS path)
• SES-PFE—Severely errored seconds (far-end STS path)
• UAS-PFE—Unavailable seconds (far-end STS path)
WIS path
Copyright © 2018, Juniper Networks, Inc.544
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInformation about link autonegotiation.
• Negotiation status:
• Incomplete—Ethernet interface has the speed or link mode configured.
• Noautonegotiation—RemoteEthernet interfacehas thespeedor linkmodeconfigured, or does not perform autonegotiation.
• Complete—Ethernet interface is connected to a device that performsautonegotiation and the autonegotiation process is successful.
• Linkpartner status—OKwhenEthernet interface is connected to adevice thatperforms autonegotiation and the autonegotiation process is successful.
• Link partner—Information from the remote Ethernet device:
• Linkmode—Depending on the capability of the link partner, eitherFull-duplex or Half-duplex.
• Flow control—Types of flow control supported by the link partner. ForGigabit Ethernet interfaces, types are Symmetric (link partner supportsPAUSEon receive and transmit),Asymmetric (link partner supportsPAUSEon transmit), Symmetric/Asymmetric (link partner supports PAUSE onreceive and transmit or only PAUSE on transmit), and None (link partnerdoes not support flow control).
• Remote fault—Remote fault information from the link partner—Failureindicates a receive link error.OK indicates that the link partner is receiving.Negotiation error indicates a negotiation error.Offline indicates that thelink partner is going offline.
• Local resolution—Information from the local Ethernet device:
• Flow control—Types of flow control supported by the local device. ForGigabit Ethernet interfaces, advertised capabilities areSymmetric/Asymmetric (local device supports PAUSE on receive andtransmitoronlyPAUSEon receive)andNone (localdevicedoesnot supportflow control). Depending on the result of the negotiation with the linkpartner, local resolution flow control type will display Symmetric (localdevice supportsPAUSEon receive and transmit),Asymmetric (local devicesupportsPAUSEon receive), andNone (local device does not support flowcontrol).
• Remote fault—Remote fault information. Link OK (no error detected onreceive),Offline (local interface is offline), and Link Failure (link errordetected on receive).
Autonegotiationinformation
extensive(10-Gigabit Ethernet interfaces,WANPHYmode)SONET/SDH interfacesallowpath tracebytes tobesent inbandacross theSONET/SDH link. JuniperNetworksand other router manufacturers use these bytes to help diagnosemisconfigurations and network errors by setting the transmitted path tracemessage so that it contains the system hostname and name of the physicalinterface. The received path trace value is themessage received from the routerat the other end of the fiber. The transmitted path trace value is the messagethat this router transmits.
Received path trace,Transmittedpathtrace
extensiveInformation about the configuration of the Packet Forwarding Engine:
• Destination slot—FPC slot number.
Packet ForwardingEngine configuration
545Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInformation about the CoS queue for the physical interface.
• CoS transmit queue—Queue number and its associated user-configuredforwarding class name.
• Bandwidth%—Percentage of bandwidth allocated to the queue.
• Bandwidth bps—Bandwidth allocated to the queue (in bps).
• Buffer%—Percentage of buffer space allocated to the queue.
• Bufferusec—Amountofbuffer spaceallocated to thequeue, inmicroseconds.This value is nonzero only if the buffer size is configured in terms of time.
• Priority—Queue priority: low or high.
• Limit—Displayed if rate limiting is configured for the queue. Possible valuesare none and exact. If exact is configured, the queue transmits only up to theconfigured bandwidth, even if excess bandwidth is available. If none isconfigured, the queue transmits beyond the configured bandwidth ifbandwidth is available.
CoS information
Logical Interface
All levelsName of the logical interface.Logical interface
detail extensive noneIndex number of the logical interface, which reflects its initialization sequence.Index
detail extensive noneSNMP interface index number for the logical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsInformation about the logical interface. Possible values are described in the“Logical Interface Flags” section under Common Output Fields Description.
Flags
brief detail extensivenone
Rewrite profile applied to incoming or outgoing frameson the outer (Out) VLANtag or for both the outer and inner (In) VLAN tags.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• pop—The outer VLAN tag of the incoming frame is removed.
• swap—The outer VLAN tag of the incoming frame is overwritten with theuser-specified VLAN tag information.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• push-push—Two VLAN tags are pushed in from the incoming frame.
• swap-push—The outer VLAN tag of the incoming frame is replaced by auser-specified VLAN tag value. A user-specified outer VLAN tag is pushed infront. The outer tag becomes an inner tag in the final frame.
• swap-swap—Both the inner and the outer VLAN tags of the incoming frameare replaced by the user-specified VLAN tag value.
• pop-swap—The outer VLAN tag of the incoming frame is removed, and theinner VLAN tag of the incoming frame is replaced by the user-specifiedVLANtag value. The inner tag becomes the outer tag in the final frame.
• pop-pop—Both the outer and inner VLAN tags of the incoming frame areremoved.
VLAN-Tag
Copyright © 2018, Juniper Networks, Inc.546
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneIP demultiplexing (demux) value that appears if this interface is used as thedemux underlying interface. The output is one of the following:
• Source Family Inet
• Destination Family Inet
Demux
All levelsEncapsulation on the logical interface.Encapsulation
brief detail extensivenone
Information displayed for agent circuit identifier (ACI) interface set configuredwith the agent-circuit-id autoconfiguration stanza.
Dynamic Profile—Name of the dynamic profile that defines the ACI interfaceset.
If configured, the ACI interface set enables the underlying Ethernet interface tocreate dynamic VLAN subscriber interfaces based on ACI information.
NOTE: The ACI VLAN field is replaced with the Line Identity field when an ALIinterface set is configured with the line-identity autoconfiguration stanza.
ACI VLAN
detailInformation displayed for access-line-identifier (ALI) interface sets configuredwith the line-identity autoconfiguration stanza.
• Dynamic Profile—Name of the dynamic profile that defines the ALI interfaceset.
• Trusted option used to create the ALI interface set: Circuit-id, Remote-id, orAccept-no-ids. More than one option can be configured.
If configured, the ALI interface set enables the underlying Ethernet interface tocreate dynamic VLAN subscriber interfaces based on ALI information.
NOTE: The Line Identity field is replaced with the ACI VLAN field when an ACIinterface set is configured with the agent-circuit-id autoconfiguration stanza.
Line Identity
detail extensive noneProtocol family. Possible values are described in the “Protocol Field” sectionunder Common Output Fields Description.
Protocol
detail extensive noneMaximum transmission unit size on the logical interface.MTU
All levelsNDP statistics for protocol inet6 under logical interface statistics.
• Max nh cache—Maximum interface neighbor discovery nexthop cache size.
• New hold nh limit—Maximum number of new unresolved nexthops.
• Curr nh cnt—Current number of resolved nexthops in the NDP queue.
• Currnewholdcnt—Current number of unresolvednexthops in theNDPqueue.
• NH drop cnt—Number of NDP requests not serviced.
Neighbor DiscoveryProtocol (NDP)QueueStatistics
detail extensive noneName of the dynamic profile that was used to create this interface configuredwith a Point-to-Point Protocol over Ethernet (PPPoE) family.
Dynamic Profile
detail extensive noneNameof theservicenametable for the interfaceconfiguredwithaPPPoE family.Service Name Table
547Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneMaximum number of PPPoE logical interfaces that can be activated on theunderlying interface.
Max Sessions
detail extensive noneState of PPPoE duplicate protection:On orOff. When duplicate protection isconfigured for theunderlying interface, adynamicPPPoE logical interfacecannotbe activated when an existing active logical interface is present for the samePPPoE client.
Duplicate Protection
detail extensive noneStateof theconfiguration to ignoreDSLForumVSAs:OnorOff.Whenconfigured,the router ignores any of these VSAs received from a directly connected CPEdevice on the interface.
Direct Connect
detail extensive noneName of the access concentrator.ACName
detail extensive noneMaximum number of MPLS labels configured for the MPLS protocol family onthe logical interface.
Maximum labels
detail extensiveNumberand rateofbytesandpackets receivedand transmittedon the specifiedinterface set.
• Input bytes, Output bytes—Number of bytes received and transmitted on theinterface set. The value in this field also includes the Layer 2 overhead bytesfor ingress or egress traffic on Ethernet interfaces if you enable accountingof Layer 2 overhead at the PIC level or the logical interface level.
• Input packets, Output packets—Number of packets received and transmittedon the interface set.
Traffic statistics
extensiveNumber of IPv6 transit bytes and packets received and transmitted on thelogical interface if IPv6 statistics tracking is enabled.
IPv6 transit statistics
extensiveNumber and rate of bytes and packets destined to the router.Local statistics
extensiveNumber and rate of bytes and packets transiting the switch.
NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logicalinterface egress statistics might not accurately reflect the traffic on the wirewhen output shaping is applied. Traffic management output shaping mightdrop packets after they are tallied by theOutput bytes andOutput packetsinterface counters. However, correct values display for both of these egressstatistics when per-unit scheduling is enabled for the Gigabit Ethernet IQ2physical interface, or when a single logical interface is actively using a sharedscheduler.
Transit statistics
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensive noneRoute table in which the logical interface address is located. For example, 0refers to the routing table inet.0.
Route Table
detail extensiveInformation about protocol family flags. Possible values are described in the“Family Flags” section under Common Output Fields Description.
Flags
Copyright © 2018, Juniper Networks, Inc.548
Broadband Subscriber ManagementWholesale Feature Guide
Table 25: show interfaces (Gigabit Ethernet) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive none(UnnumberedEthernet) Interface fromwhichanunnumberedEthernet interfaceborrows an IPv4 address.
Donor interface
detail extensive none(UnnumberedEthernet)Secondary IPv4addressof thedonor loopback interfacethatactsas thepreferredsourceaddress for theunnumberedEthernet interface.
Preferred sourceaddress
detail extensiveNames of any input filters applied to this interface. If you specify a precedencevalue for any filter in a dynamic profile, filter precedence values appear inparentheses next to all interfaces.
Input Filters
detail extensiveNamesof any output filters applied to this interface. If you specify a precedencevalue for any filter in a dynamic profile, filter precedence values appear inparentheses next to all interfaces.
Output Filters
detail extensive noneNumber of MAC address validation failures for packets and bytes. This field isdisplayed when MAC address validation is enabled for the logical interface.
Mac-Validate Failures
detail extensive noneInformation about the address flags. Possible values are described in the“Addresses Flags” section under Common Output Fields Description.
Addresses, Flags
briefProtocol family configured on the logical interface. If the protocol is inet, the IPaddress of the interface is also displayed.
protocol-family
detail extensive noneInformation about the address flag. Possible values are described in the“Addresses Flags” section under Common Output Fields Description.
Flags
detail extensive noneIP address of the remote side of the connection.Destination
detail extensive noneIP address of the logical interface.Local
detail extensive noneBroadcast address of the logical interface.Broadcast
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
The following table describes the output fields for the show interfaces (10–Gigabit
Ethernet) command.
Level ofOutput
Field DescriptionField Name
All levelsName of the physical interface.Physical interface
All levelsState of the interface. Possible values are described in the “Enabled Field” section underCommon Output Fields Description.
Enabled
detail extensivenone
Index number of the physical interface, which reflects its initialization sequence.Interface index
549Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
detail extensivenone
SNMP index number for the physical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsEncapsulation being used on the physical interface.Link-level type
All levelsMaximum transmission unit size on the physical interface.MTU
All levelsSpeed at which the interface is running.Speed
All levelsLoopback status: Enabled or Disabled. If loopback is enabled, type of loopback: Local orRemote.
Loopback
All levelsSource filtering status: Enabled or Disabled.Source filtering
All levels10-Gigabit Ethernet interface operating in Local Area Network Physical Layer Device(LAN PHY)mode. LAN PHY allows 10-Gigabit Ethernet wide area links to use existingEthernet applications.
LAN-PHYmode
All levels10-Gigabit Ethernet interface operating inWide Area Network Physical Layer Device(WANPHY)mode.WANPHYallows 10-GigabitEthernetwidearea links touse fiber-opticcables and other devices intended for SONET/SDH.
WAN-PHYmode
All levelsUnidirectional link mode status for 10-Gigabit Ethernet interface: Enabled or Disabledfor parent interface; Rx-only or Tx-only for child interfaces.
Unidirectional
All levelsFlow control status: Enabled or Disabled.Flow control
All levels(Gigabit Ethernet interfaces) Autonegotiation status: Enabled or Disabled.Auto-negotiation
All levels(Gigabit Ethernet interfaces) Remote fault status:
• Online—Autonegotiation is manually configured as online.
• Offline—Autonegotiation is manually configured as offline.
Remote-fault
All levelsInformation about the physical device. Possible values are described in the “DeviceFlags” section under Common Output Fields Description.
Device flags
All levelsInformation about the interface. Possible values are described in the “Interface Flags”section under Common Output Fields Description.
Interface flags
All levelsInformation about the link. Possible values are described in the “Links Flags” sectionunder Common Output Fields Description.
Link flags
All levels(10-Gigabit Ethernet dense wavelength-division multiplexing [DWDM] interfaces)Displays the configured wavelength, in nanometers (nm).
Wavelength
All levels(10-Gigabit Ethernet DWDM interfaces only) Displays the frequency associated withthe configured wavelength, in terahertz (THz).
Frequency
detail extensivenone
Number of CoS queues configured.CoS queues
Copyright © 2018, Juniper Networks, Inc.550
Broadband Subscriber ManagementWholesale Feature Guide
extensive(Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces only) Number of CoS schedulersconfigured.
Schedulers
detail extensiveCurrent interface hold-time up and hold-time down, in milliseconds.Hold-times
detail extensivenone
Configured MAC address.Current address
detail extensivenone
Hardware MAC address.Hardwareaddress
detail extensivenone
Date, time, and how long ago the interface went from down to up. The format is Lastflapped: year-month-day hour:minute:second:timezone (hour:minute:second ago). Forexample, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Last flapped
None specifiedInput rate in bits per second (bps) and packets per second (pps). The value in this fieldalso includes the Layer 2 overhead bytes for ingress traffic on Ethernet interfaces if youenable accounting of Layer 2 overhead at the PIC level or the logical interface level.
Input Rate
None specifiedOutput rate in bps and pps. The value in this field also includes the Layer 2 overheadbytes for egress trafficonEthernet interfaces if youenableaccountingofLayer 2overheadat the PIC level or the logical interface level.
Output Rate
detail extensiveTime when the statistics for the interface were last set to zero.Statistics lastcleared
detail extensiveLayer 2 overhead in bytes that is accounted in the interface statistics for egress traffic.Egress accountoverhead
detail extensiveLayer 2 overhead in bytes that is accounted in the interface statistics for ingress traffic.Ingress accountoverhead
detail extensiveNumberand rateofbytesandpackets receivedand transmittedon thephysical interface.
• Input bytes—Number of bytes received on the interface. The value in this field alsoincludes the Layer 2 overhead bytes for ingress traffic on Ethernet interfaces if youenable accounting of Layer 2 overhead at the PIC level or the logical interface level.
• Output bytes—Number of bytes transmitted on the interface. The value in this fieldalso includes the Layer 2 overhead bytes for egress traffic on Ethernet interfaces ifyou enable accounting of Layer 2 overhead at the PIC level or the logical interfacelevel.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Traffic statistics
551Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
extensiveInput errors on the interface. The following paragraphs explain the counters whosemeaning might not be obvious:
• Errors—Sum of the incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O Manager ASIC. Ifthe interface is saturated, thisnumber incrementsonce for everypacket that isdroppedby the ASIC's REDmechanism.
• Framing errors—Number of packets received with an invalid frame checksum (FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Policed discards—Number of frames that the incoming packetmatch code discardedbecause theywerenot recognizedornotof interest.Usually, this field reportsprotocolsthat the Junos OS does not handle.
• L3 incompletes—Number of incoming packets discarded because they failed Layer 3(usually IPv4) sanity checks of the header. For example, a frame with less than20 bytes of available IP header is discarded. L3 incomplete errors can be ignored byconfiguring the ignore-l3-incompletes statement.
• L2 channel errors—Number of times the software did not find a valid logical interfacefor an incoming frame.
• L2mismatch timeouts—Number of malformed or short packets that caused theincoming packet handler to discard the frame as unreadable.
• FIFO errors—Number of FIFO errors in the receive direction that are reported by theASIC on the PIC. If this value is ever nonzero, the PIC is probably malfunctioning.
• Resource errors—Sum of transmit drops.
Input errors
extensiveOutput errors on the interface. The following paragraphs explain the counters whosemeaning might not be obvious:
• Carrier transitions—Number of times the interface has gone from down to up. Thisnumber does not normally increment quickly, increasing only when the cable isunplugged, the far-end system is powered down and then up, or another problemoccurs. If the number of carrier transitions increments quickly (perhaps once every10 seconds), the cable, the far-end system, or the PIC or PIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/O Manager ASIC. Ifthe interface is saturated, thisnumber incrementsonce for everypacket that isdroppedby the ASIC's REDmechanism.
• Collisions—Number of Ethernet collisions. The Gigabit Ethernet PIC supports onlyfull-duplex operation, so for Gigabit Ethernet PICs, this number should always remain0. If it is nonzero, there is a software bug.
• Aged packets—Number of packets that remained in shared packet SDRAM so longthat the system automatically purged them. The value in this field should neverincrement. If it does, it is most likely a software bug or possibly malfunctioninghardware.
• FIFO errors—Number of FIFO errors in the send direction as reported by the ASIC onthe PIC. If this value is ever nonzero, the PIC is probably malfunctioning.
• HS link CRC errors—Number of errors on the high-speed links between the ASICsresponsible for handling the router interfaces.
• MTU errors—Number of packets whose size exceeded the MTU of the interface.
• Resource errors—Sum of transmit drops.
Output errors
Copyright © 2018, Juniper Networks, Inc.552
Broadband Subscriber ManagementWholesale Feature Guide
detail extensiveTotal number of egress queues supported on the specified interface.
NOTE: In DPCs that are not of the enhanced type, such as DPC 40x 1GE R, DPCE 20x1GE+ 2x 10GER, or DPCE 40x 1GER, youmight notice a discrepancy in the output of theshow interfaces command because incoming packets might be counted in the Egressqueues section of the output. This problemoccurs on non-enhancedDPCs because theegress queue statistics are polled from IMQ (Inbound Message Queuing) block of theI-chip. The IMQ block does not differentiate between ingress and egressWAN traffic;as a result, the combined statistics are displayed in the egress queue counters on theRouting Engine. In a simple VPLS scenorio, if there is no MAC entry in DMAC table (bysending unidirectional traffic), traffic is floodedand the input traffic is accounted in IMQ.For bidirectional traffic (MAC entry in DMAC table), if the outgoing interface is on thesame I-chip then both ingress and egress statistics are counted in a combined way. Ifthe outgoing interface is on a different I-chip or FPC, then only egress statistics areaccounted in IMQ. This behavior is expected with non-enhanced DPCs
Egress queues
detail extensiveCoS queue number and its associated user-configured forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Dropped packets—Number of packets dropped by the ASIC's REDmechanism.
Queue counters(Egress)
extensiveTotal number of ingress queues supported on the specified interface. Displayed on IQ2interfaces.
Ingress queues
extensiveCoSqueuenumberand its associateduser-configured forwardingclassname.Displayedon IQ2 interfaces.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Dropped packets—Number of packets dropped by the ASIC's REDmechanism.
Queue counters(Ingress)
detail extensivenone
Ethernet-specific defects that can prevent the interface from passing packets. When adefect persists for a certain amount of time, it is promoted to an alarm. Based on theroutingdevice configuration, analarmcan ring the redor yellowalarmbell on the routingdevice, or turn on the red or yellow alarm LED on the craft interface. These fields cancontain the value None or Link.
• None—There are no active defects or alarms.
• Link—Interfacehas lost its link state,whichusuallymeans that the cable is unplugged,the far-end system has been turned off, or the PIC is malfunctioning.
ActivealarmsandActive defects
detail extensiveActive OTN alarms identified on the interface.OTN alarms
detail extensiveOTN defects received on the interface.OTN defects
detail extensiveThe FECmode configured on the interface.
• efec—Enhanced forward error correction (EFEC) is configured to defect and correctbit errors.
• gfec—G.709Forwarderror correction (GFEC)mode is configured todetect andcorrectbit errors.
• none—FECmode is not configured.
OTN FECMode
553Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
detail extensiveOTNmode.
• fixed-stuff-bytes—Fixed stuff bytes 11.0957 Gbps.
• no-fixed-stuff-bytes—No fixed stuff bytes 11.0491 Gbps.
• pass-through—Enable OTN passthroughmode.
• no-pass-through—Do not enable OTN passthroughmode.
OTNRate
detail extensiveStatusof the line loopback, if configured for theDWDMOTNPIC. Its valuecanbe:enabledor disabled.
OTN LineLoopback
detail extensiveThe forward error correction (FEC) counters for the DWDMOTN PIC.
• Corrected Errors—The count of corrected errors in the last second.
• Corrected Error Ratio—The corrected error ratio in the last 25 seconds. For example,1e-7 is 1 error per 10 million bits.
OTN FECstatistics
detail extensiveOTN FEC excessive or degraded error alarms triggered on the interface.
• FEC Degrade—OTU FEC Degrade defect.
• FEC Excessive—OTU FEC Excessive Error defect.
OTN FEC alarms
detail extensiveOTNOC defects triggered on the interface.
• LOS—OC Loss of Signal defect.
• LOF—OC Loss of Frame defect.
• LOM—OC Loss of Multiframe defect.
• Wavelength Lock—OCWavelength Lock defect.
OTNOC
detail extensiveOTNOTU defects detected on the interface
• AIS—OTN AIS alarm.
• BDI—OTNOTU BDI alarm.
• IAE—OTNOTU IAE alarm.
• TTIM—OTNOTU TTIM alarm.
• SF—OTNODU bit error rate fault alarm.
• SD—OTNODU bit error rate defect alarm.
• TCA-ES—OTNODU ES threshold alarm.
• TCA-SES—OTNODU SES threshold alarm.
• TCA-UAS—OTNODU UAS threshold alarm.
• TCA-BBE—OTNODU BBE threshold alarm.
• BIP—OTNODU BIP threshold alarm.
• BBE—OTNOTU BBE threshold alarm.
• ES—OTNOTU ES threshold alarm.
• SES—OTNOTU SES threshold alarm.
• UAS—OTNOTU UAS threshold alarm.
OTNOTU
detail extensiveDestination Access Port Interface (DAPI) fromwhich the packets were received.Received DAPI
detail extensiveSource Access Port Interface (SAPI) fromwhich the packets were received.Received SAPI
detail extensiveDestination Access Port Interface (DAPI) to which the packets were transmitted.TransmittedDAPI
Copyright © 2018, Juniper Networks, Inc.554
Broadband Subscriber ManagementWholesale Feature Guide
detail extensiveSource Access Port Interface (SAPI) to which the packets were transmitted.TransmittedSAPI
detail extensive(10-GigabitEthernet interfaces)DisplaysPhysicalCodingSublayer (PCS) fault conditionsfrom theWAN PHY or the LAN PHY device.
• Bit errors—The number of seconds during which at least one bit error rate (BER)occurred while the PCS receiver is operating in normal mode.
• Errored blocks—The number of seconds when at least one errored block occurredwhile the PCS receiver is operating in normal mode.
PCS statistics
extensiveReceive and Transmit statistics reported by the PIC's MAC subsystem, including thefollowing:
• Total octets and total packets—Total number of octets and packets. For GigabitEthernet IQ PICs, the received octets count varies by interface type.
• Unicast packets, Broadcast packets, andMulticast packets—Number of unicast,broadcast, andmulticast packets.
• CRC/Align errors—Total number of packets received that had a length (excludingframing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, andhad either a bad FCSwith an integral number of octets (FCS Error) or a bad FCSwitha nonintegral number of octets (Alignment Error).
• FIFO error—Number of FIFO errors that are reported by the ASIC on the PIC. If thisvalue is ever nonzero, the PIC or a cable is probably malfunctioning.
• MAC control frames—Number of MAC control frames.
• MAC pause frames—Number of MAC control frames with pause operational code.
• Oversized frames—Number of frames that exceed 1518 octets.
• Jabber frames—Numberof frames thatwere longer than 1518octets (excluding framingbits, but including FCS octets), and had either an FCS error or an alignment error. Thisdefinition of jabber is different from the definition in IEEE-802.3 section 8.2.1.5(10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as thecondition in which any packet exceeds 20ms. The allowed range to detect jabber isfrom 20ms to 150ms.
• Fragment frames—Total number of packets that were less than 64 octets in length(excluding framing bits, but including FCS octets), and had either an FCS error or analignment error. Fragment frames normally increment because both runts (which arenormal occurrences caused by collisions) and noise hits are counted.
• VLAN tagged frames—Number of frames that are VLAN tagged. The system uses theTPID of 0x8100 in the frame to determine whether a frame is tagged or not.
• Codeviolations—Numberof timesaneventcaused thePHYto indicate “Data receptionerror” or “invalid data symbol error.”
MAC statistics
extensiveAPS/PCC0: 0x02, APS/PCC1: 0x11, APS/PCC2: 0x47, APS/PCC3: 0x58 Payload Type:0x08
OTNReceivedOverhead Bytes
extensiveAPS/PCC0:0x00,APS/PCC1: 0x00,APS/PCC2:0x00,APS/PCC3:0x00PayloadType:0x08
OTN TransmittedOverhead Bytes
555Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
extensiveReceive and Transmit statistics reported by the PIC'sMAC address filter subsystem. Thefiltering is done by the content-addressable memory (CAM) on the PIC. The filterexamines a packet's source and destination MAC addresses to determine whether thepacket should enter the system or be rejected.
• Input packet count—Number of packets received from the MAC hardware that thefilter processed.
• Input packet rejects—Number of packets that the filter rejected because of either thesource MAC address or the destination MAC address.
• Input DA rejects—Number of packets that the filter rejected because the destinationMAC address of the packet is not on the accept list. It is normal for this value toincrement.When it incrementsveryquicklyandno traffic is entering the routingdevicefrom the far-end system, either there is a bad ARP entry on the far-end system, ormulticast routing is not on and the far-end system is sendingmanymulticast packetsto the local routing device (which the routing device is rejecting).
• Input SA rejects—Number of packets that the filter rejected because the source MACaddress of the packet is not on the accept list. The value in this field should incrementonly if source MAC address filtering has been enabled. If filtering is enabled, if thevalue increments quickly, and if the system is not receiving traffic that it should fromthe far-end system, it means that the user-configured source MAC addresses for thisinterface are incorrect.
• Outputpacketcount—Numberofpackets that the filter hasgiven to theMAChardware.
• Output packet pad count—Number of packets the filter padded to the minimumEthernet size (60 bytes) before giving the packet to the MAC hardware. Usually,padding is done only on small ARP packets, but some very small IP packets can alsorequire padding. If this value increments rapidly, either the system is trying to find anARP entry for a far-end system that does not exist or it is misconfigured.
• Output packet error count—Number of packets with an indicated error that the filterwas given to transmit. These packets are usually aged packets or are the result of abandwidth problem on the FPC hardware. On a normal system, the value of this fieldshould not increment.
• CAMdestination filters, CAM source filters—Number of entries in the CAM dedicatedto destination and source MAC address filters. There can only be up to 64 sourceentries. If source filtering is disabled, which is the default, the values for these fieldsshould be 0.
Filter statistics
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) SONET error information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
PMAPHY
Copyright © 2018, Juniper Networks, Inc.556
Broadband Subscriber ManagementWholesale Feature Guide
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) SONET error information:
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• BIP-B1—Bit interleaved parity for SONET section overhead
• SEF—Severely errored framing
• LOL—Loss of light
• LOF—Loss of frame
• ES-S—Errored seconds (section)
• SES-S—Severely errored seconds (section)
• SEFS-S—Severely errored framing seconds (section)
WIS section
extensive(10-Gigabit Ethernet interfaces,WANPHYmode)Activealarmsanddefects, plus countsof specific SONET errors with detailed information.
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. State other thanOK indicates a problem.
Subfields are:
• BIP-B2—Bit interleaved parity for SONET line overhead
• REI-L—Remote error indication (near-end line)
• RDI-L—Remote defect indication (near-end line)
• AIS-L—Alarm indication signal (near-end line)
• BERR-SF—Bit error rate fault (signal failure)
• BERR-SD—Bit error rate defect (signal degradation)
• ES-L—Errored seconds (near-end line)
• SES-L—Severely errored seconds (near-end line)
• UAS-L—Unavailable seconds (near-end line)
• ES-LFE—Errored seconds (far-end line)
• SES-LFE—Severely errored seconds (far-end line)
• UAS-LFE—Unavailable seconds (far-end line)
WIS line
557Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
extensive(10-Gigabit Ethernet interfaces,WANPHYmode)Activealarmsanddefects, plus countsof specific SONET errors with detailed information.
• Seconds—Number of seconds the defect has been active.
• Count—Number of times that the defect has gone from inactive to active.
• State—State of the error. Any state other thanOK indicates a problem.
Subfields are:
• BIP-B3—Bit interleaved parity for SONET section overhead
• REI-P—Remote error indication
• LOP-P—Loss of pointer (path)
• AIS-P—Path alarm indication signal
• RDI-P—Path remote defect indication
• UNEQ-P—Path unequipped
• PLM-P—Path payload label mismatch
• ES-P—Errored seconds (near-end STS path)
• SES-P—Severely errored seconds (near-end STS path)
• UAS-P—Unavailable seconds (near-end STS path)
• SES-PFE—Severely errored seconds (far-end STS path)
• UAS-PFE—Unavailable seconds (far-end STS path)
WIS path
extensiveInformation about link autonegotiation.
• Negotiation status:
• Incomplete—Ethernet interface has the speed or link mode configured.
• No autonegotiation—Remote Ethernet interface has the speed or link modeconfigured, or does not perform autonegotiation.
• Complete—Ethernet interface is connected to a device that performsautonegotiation and the autonegotiation process is successful.
• Linkpartnerstatus—OKwhenEthernet interface is connected toadevice thatperformsautonegotiation and the autonegotiation process is successful.
• Link partner:
• Linkmode—Depending on the capability of the attached Ethernet device, eitherFull-duplex or Half-duplex.
• Flow control—Types of flow control supported by the remote Ethernet device. ForFast Ethernet interfaces, the type is None. For Gigabit Ethernet interfaces, typesare Symmetric (link partner supports PAUSE on receive and transmit), Asymmetric(linkpartner supportsPAUSEon transmit), andSymmetric/Asymmetric (linkpartnersupports both PAUSE on receive and transmit or only PAUSE receive).
• Remote fault—Remote fault information from the link partner—Failure indicates areceive link error.OK indicates that the link partner is receiving. Negotiation errorindicates a negotiation error.Offline indicates that the link partner is going offline.
• Local resolution—Information from the link partner:
• Flow control—Types of flow control supported by the remote Ethernet device. ForGigabit Ethernet interfaces, types are Symmetric (link partner supports PAUSE onreceive and transmit), Asymmetric (link partner supports PAUSE on transmit), andSymmetric/Asymmetric (link partner supports bothPAUSE on receive and transmitor only PAUSE receive).
• Remote fault—Remote fault information. Link OK (no error detected on receive),Offline (local interface is offline), and Link Failure (link error detected on receive).
Autonegotiationinformation
Copyright © 2018, Juniper Networks, Inc.558
Broadband Subscriber ManagementWholesale Feature Guide
extensive(10-Gigabit Ethernet interfaces, WAN PHYmode) SONET/SDH interfaces allow pathtrace bytes to be sent inband across the SONET/SDH link. Juniper Networks and otherrouter manufacturers use these bytes to help diagnosemisconfigurations and networkerrors by setting the transmitted path trace message so that it contains the systemhostname and name of the physical interface. The received path trace value is themessage received from the routing device at the other end of the fiber. The transmittedpath trace value is the message that this routing device transmits.
Received pathtrace,Transmitted pathtrace
extensiveInformation about the configuration of the Packet Forwarding Engine:
• Destination slot—FPC slot number.
PacketForwardingEngineconfiguration
extensiveInformation about the CoS queue for the physical interface.
• CoS transmit queue—Queue number and its associated user-configured forwardingclass name.
• Bandwidth%—Percentage of bandwidth allocated to the queue.
• Bandwidth bps—Bandwidth allocated to the queue (in bps).
• Buffer%—Percentage of buffer space allocated to the queue.
• Buffer usec—Amount of buffer space allocated to the queue, in microseconds. Thisvalue is nonzero only if the buffer size is configured in terms of time.
• Priority—Queue priority: low or high.
• Limit—Displayed if rate limiting is configured for the queue. Possible values are noneand exact. If exact is configured, the queue transmits only up to the configuredbandwidth, even if excess bandwidth is available. If none is configured, the queuetransmits beyond the configured bandwidth if bandwidth is available.
CoS information
Logical Interface
All levelsName of the logical interface.Logical interface
detail extensivenone
Index number of the logical interface, which reflects its initialization sequence.Index
detail extensivenone
SNMP interface index number for the logical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsInformation about the logical interface. Possible values are described in the “LogicalInterface Flags” section under Common Output Fields Description.
Flags
559Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
brief detailextensive none
Rewrite profile applied to incoming or outgoing frames on the outer (Out) VLAN tag orfor both the outer and inner (In) VLAN tags.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• pop—The outer VLAN tag of the incoming frame is removed.
• swap—TheouterVLANtagof the incoming frame isoverwrittenwith theuser specifiedVLAN tag information.
• push—An outer VLAN tag is pushed in front of the existing VLAN tag.
• push-push—Two VLAN tags are pushed in from the incoming frame.
• swap-push—TheouterVLANtagof the incoming frame is replacedbyauser-specifiedVLAN tag value. A user-specified outer VLAN tag is pushed in front. The outer tagbecomes an inner tag in the final frame.
• swap-swap—Both the inner and the outer VLAN tags of the incoming frame arereplaced by the user specified VLAN tag value.
• pop-swap—TheouterVLANtagof the incoming frame is removed, and the innerVLANtag of the incoming frame is replaced by the user-specified VLAN tag value. The innertag becomes the outer tag in the final frame.
• pop-pop—Both the outer and inner VLAN tags of the incoming frame are removed.
VLAN-Tag
detail extensivenone
IP demultiplexing (demux) value that appears if this interface is used as the demuxunderlying interface. The output is one of the following:
• Source Family Inet
• Destination Family Inet
Demux:
All levelsEncapsulation on the logical interface.Encapsulation
detail extensivenone
Protocol family. Possible values are described in the “Protocol Field” section underCommon Output Fields Description.
Protocol
detail extensivenone
Maximum transmission unit size on the logical interface.MTU
detail extensivenone
MaximumnumberofMPLS labels configured for theMPLSprotocol family on the logicalinterface.
Maximum labels
detail extensiveNumberand rateofbytesandpackets receivedand transmittedon thespecified interfaceset.
• Inputbytes,Outputbytes—Number of bytes received and transmitted on the interfaceset. Thevalue in this fieldalso includes theLayer 2overheadbytes for ingressor egresstraffic on Ethernet interfaces if you enable accounting of Layer 2 overhead at the PIClevel or the logical interface level.
• Input packets, Output packets—Number of packets received and transmitted on theinterface set.
Traffic statistics
extensiveNumber of IPv6 transit bytes and packets received and transmitted on the logicalinterface if IPv6 statistics tracking is enabled.
IPv6 transitstatistics
extensiveNumber and rate of bytes and packets destined to the routing device.Local statistics
Copyright © 2018, Juniper Networks, Inc.560
Broadband Subscriber ManagementWholesale Feature Guide
extensiveNumber and rate of bytes and packets transiting the switch.
NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logical interfaceegress statisticsmight not accurately reflect the traffic on thewirewhenoutput shapingis applied. Trafficmanagement output shapingmight drop packets after they are talliedby theOutput bytes andOutput packets interface counters. However, correct valuesdisplay for both of these egress statistics when per-unit scheduling is enabled for theGigabit Ethernet IQ2physical interface, orwhena single logical interface is actively usinga shared scheduler.
Transit statistics
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensivenone
Route table in which the logical interface address is located. For example, 0 refers tothe routing table inet.0.
Route Table
detail extensiveInformation about protocol family flags. Possible values are described in the “FamilyFlags” section under Common Output Fields Description.
Flags
detail extensivenone
(UnnumberedEthernet) Interface fromwhichanunnumberedEthernet interfaceborrowsan IPv4 address.
Donor interface
detail extensivenone
(Unnumbered Ethernet) Secondary IPv4 address of the donor loopback interface thatacts as the preferred source address for the unnumbered Ethernet interface.
Preferred sourceaddress
detail extensiveNames of any input filters applied to this interface. If you specify a precedence value forany filter in a dynamic profile, filter precedence values appear in parenthesis next to allinterfaces.
Input Filters
detail extensiveNames of any output filters applied to this interface. If you specify a precedence valuefor any filter in a dynamic profile, filter precedence values appear in parenthesis next toall interfaces.
Output Filters
detail extensivenone
Number of MAC address validation failures for packets and bytes. This field is displayedwhen MAC address validation is enabled for the logical interface.
Mac-ValidateFailures
detail extensivenone
Information about the address flags. Possible values are described in the “AddressesFlags” section under Common Output Fields Description.
Addresses, Flags
briefProtocol family configured on the logical interface. If the protocol is inet, the IP addressof the interface is also displayed.
protocol-family
detail extensivenone
Information about address flag (possible values are described in the “Addresses Flags”section under Common Output Fields Description.
Flags
detail extensivenone
IP address of the remote side of the connection.Destination
detail extensivenone
IP address of the logical interface.Local
detail extensivenone
Broadcast address of the logical interlace.Broadcast
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
561Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
For Gigabit Ethernet IQ PICs, traffic andMAC statistics output varies. The following table
describes the traffic andMACstatistics for twosample interfaces, eachofwhich is sending
traffic in packets of 500 bytes (including 478 bytes for the Layer 3 packet, 18 bytes for
the Layer 2 VLAN traffic header, and 4 bytes for cyclic redundancy check [CRC]
information). The ge-0/3/0 interface is the inbound physical interface, and the ge-0/0/0
interface is theoutboundphysical interface.Onboth interfaces, traffic is carriedon logical
unit .50 (VLAN 50).
Table 26: Gigabit and 10 Gigabit Ethernet IQ PIC Traffic andMAC Statistics by Interface Type
CommentsByte and Octet CountsIncludeSample CommandInterface Type
The additional 4 bytes are forthe CRC.
Traffic statistics:
Input bytes: 496 bytes perpacket, representing theLayer 2 packet
MAC statistics:
Received octets: 500 bytesper packet, representing theLayer 2 packet + 4 bytes
show interfaces ge-0/3/0extensive
Inbound physical interface
Traffic statistics:
Input bytes: 478 bytes perpacket, representing theLayer 3 packet
show interfaces ge-0/3/0.50extensive
Inbound logical interface
For inputbytes, theadditional12 bytes include 6 bytes forthe destination MAC addressplus 4 bytes for VLAN plus 2bytes for the Ethernet type.
Traffic statistics:
Input bytes: 490 bytes perpacket, representing theLayer 3 packet + 12 bytes
MAC statistics:
Received octets: 478 bytesper packet, representing theLayer 3 packet
show interfaces ge-0/0/0extensive
Outbound physical interface
Traffic statistics:
Input bytes: 478 bytes perpacket, representing theLayer 3 packet
show interfaces ge-0/0/0.50extensive
Outbound logical interface
Table 27 on page 563 lists the output fields for the show interfaces command. Output
fields are listed in the approximate order in which they appear.
Copyright © 2018, Juniper Networks, Inc.562
Broadband Subscriber ManagementWholesale Feature Guide
Table 27: show interfaces Output Fields
Level of OutputField DescriptionField Name
Physical Interface
All levelsName of the physical interface.Physical interface
All levelsState of the interface.Enabled
detail extensive noneIndexnumber of thephysical interface,which reflects its initialization sequence.Interface index
detail extensive noneSNMP index number for the physical interface.SNMP ifIndex
All levelsEncapsulation being used on the physical interface.Link-level type
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsMaximum transmission unit size on the physical interface.MTU
Link mode: Full-duplex or Half-duplex.Linkmode
All levelsSpeed at which the interface is running.Speed
Bridge protocol data unit (BPDU) error: Detected or NoneBPDU error
All levelsLoopback status: Enabled or Disabled. If loopback is enabled, type of loopback:Local or Remote.
Loopback
All levelsSource filtering status: Enabled or Disabled.Source filtering
All levelsFlow control status: Enabled or Disabled.Flow control
All levels(Gigabit Ethernet interfaces) Autonegotiation status: Enabled or Disabled.Auto-negotiation
All levels(Gigabit Ethernet interfaces) Remote fault status:
• Online—Autonegotiation is manually configured as online.
• Offline—Autonegotiation is manually configured as offline.
Remote-fault
All levelsInformation about the physical device.Device flags
All levelsInformation about the interface.Interface flags
All levelsInformation about the physical link.Link flags
detail extensive noneNumber of CoS queues configured.CoS queues
detail extensive noneConfigured MAC address.Current address
563Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 27: show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneDate, time, and how long ago the interface went from down to up. The formatisLast flapped:year-month-dayhour:minute:second:timezone (hour:minute:secondago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Last flapped
NoneInput rate in bits per second (bps) and packets per second (pps).Input Rate
NoneOutput rate in bps and pps.Output Rate
detail extensive noneEthernet-specific defects that can prevent the interface from passing packets.When a defect persists for a certain amount of time, it is promoted to an alarm.These fields can contain the value None or Link.
• None—There are no active defects or alarms.
• Link—Interface has lost its link state, which usually means that the cable isunplugged, the far-end system has been turned off, or the PIC ismalfunctioning.
Active alarms andActive defects
detail extensiveTime when the statistics for the interface were last set to zero.Statistics last cleared
detail extensiveNumber and rate of bytes andpackets receivedand transmittedon thephysicalinterface.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Traffic statistics
Copyright © 2018, Juniper Networks, Inc.564
Broadband Subscriber ManagementWholesale Feature Guide
Table 27: show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInput errors on the interface.
• Errors—Sum of the incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O ManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• Framing errors—Number of packets receivedwith an invalid frame checksum(FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Policed discards—Number of frames that the incoming packet match codediscarded because they were not recognized or not of interest. Usually, thisfield reports protocols that Junos OS does not handle.
• L3 incompletes—Number of incoming packets discarded because they failedLayer 3 (usually IPv4) sanity checks of the header. For example, a framewithless than 20 bytes of available IP header is discarded. L3 incomplete errorscan be ignored by configuring the ignore-l3-incompletes .
• L2 channel errors—Number of times the software did not find a valid logicalinterface for an incoming frame.
• L2mismatch timeouts—Number of malformed or short packets that causedthe incoming packet handler to discard the frame as unreadable.
• FIFO errors—Number of FIFO errors in the receive direction that are reportedby the ASIC on the PIC. If this value is ever nonzero, the PIC is probablymalfunctioning.
• Resource errors—Sum of transmit drops.
Input errors
extensiveOutput errors on the interface.
• Carrier transitions—Number of times the interface has gone from down to up.This number does not normally increment quickly, increasing only when thecable is unplugged, the far-end system is powered down and then up, oranotherproblemoccurs. If thenumberof carrier transitions incrementsquickly(perhaps once every 10 seconds), the cable, the far-end system, or the PICor PIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• Collisions—Number of Ethernet collisions. TheGigabit Ethernet PIC supportsonly full-duplex operation; therefore, for Gigabit Ethernet PICs, this numbermust always remain 0. If it is nonzero, there is a software bug.
• Aged packets—Number of packets that remained in shared packet SDRAMso long that the system automatically purged them. The value in this fieldmust never increment. If it does, it is most likely a software bug or possiblymalfunctioning hardware.
• FIFO errors—Number of FIFO errors in the send direction as reported by theASIC on the PIC. If this value is ever nonzero, the PIC is probablymalfunctioning.
• HS link CRC errors—Number of errors on the high-speed links between theASICs responsible for handling the interfaces.
• MTUerrors—NumberofpacketswhosesizeexceededtheMTUof the interface.
• Resource errors—Sum of transmit drops.
Output errors
565Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 27: show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveTotal number of ingress queues supported on the specified interface.Ingress queues
detail extensiveCoS queue number and its associated user-configured forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Droppedpackets—Numberofpacketsdroppedby theASIC'sREDmechanism.
Queue counters andqueue number
extensiveReceive and Transmit statistics reported by the PIC'sMAC subsystem, includingthe following:
• Total octets and total packets—Total number of octets and packets.
• Unicastpackets,Broadcastpackets,andMulticastpackets—Numberofunicast,broadcast, andmulticast packets.
• CRC/Align errors—Total number of packets received that had a length(excluding framing bits, but including FCS octets) of between 64 and 1518octets, inclusive, and had either a bad FCSwith an integral number of octets(FCS Error) or a bad FCS with a nonintegral number of octets (AlignmentError).
• FIFO error—Number of FIFO errors that are reported by the ASIC on the PIC.If this value is ever nonzero, the PIC or a cable is probably malfunctioning.
• MAC control frames—Number of MAC control frames.
• MAC pause frames—Number of MAC control frames with pause operationalcode.
• Oversized frames—There are two possible conditions regarding the numberof oversized frames:
• Packet length exceeds 1518 octets, or
• Packet length exceeds MRU
• Jabberframes—Numberof frames thatwere longer than 1518octets (excludingframing bits, but including FCS octets), and had either an FCS error or analignment error. This definition of jabber is different from the definition inIEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). Thesedocuments define jabber as the condition in which any packet exceeds 20ms. The allowed range to detect jabber is from 20ms to 150ms.
• Fragment frames—Total number of packets that were less than 64 octets inlength (excluding framing bits, but including FCS octets) and had either anFCSerrororanalignmenterror. Fragment framesnormally incrementbecauseboth runts (which are normal occurrences caused by collisions) and noisehits are counted.
• VLAN tagged frames—Number of frames that are VLAN tagged. The systemuses theTPIDof0x8100 in the frame todeterminewhether a frame is taggedor not.
• Codeviolations—Number of times an event caused thePHY to indicate “Datareception error” or “invalid data symbol error.”
MAC statistics
Copyright © 2018, Juniper Networks, Inc.566
Broadband Subscriber ManagementWholesale Feature Guide
Table 27: show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveReceive and Transmit statistics reported by the PIC's MAC address filtersubsystem. The filtering is done by the content-addressable memory (CAM)on thePIC.The filter examinesapacket's sourceanddestinationMACaddressesto determine whether the packet should enter the system or be rejected.
• Input packet count—Number of packets received from the MAC hardwarethat the filter processed.
• Input packet rejects—Number of packets that the filter rejected because ofeither the source MAC address or the destination MAC address.
• Input DA rejects—Number of packets that the filter rejected because thedestination MAC address of the packet is not on the accept list. It is normalfor this value to increment. When it increments very quickly and no traffic isentering the device from the far-end system, either there is a bad ARP entryon the far-end system, or multicast routing is not on and the far-end systemis sending manymulticast packets to the local device (which the router isrejecting).
• Input SA rejects—Number of packets that the filter rejected because thesource MAC address of the packet is not on the accept list. The value in thisfield should increment only if sourceMACaddress filtering has been enabled.If filtering is enabled, if the value increments quickly, and if the system is notreceiving traffic that it should from the far-end system, it means that theuser-configured source MAC addresses for this interface are incorrect.
• Output packet count—Number of packets that the filter has given to theMAChardware.
• Output packet pad count—Number of packets the filter padded to theminimum Ethernet size (60 bytes) before giving the packet to the MAChardware. Usually, padding is doneonly on small ARPpackets, but someverysmall IP packets can also require padding. If this value increments rapidly,either the system is trying to find anARPentry for a far-end system that doesnot exist or it is misconfigured.
• Output packet error count—Number of packets with an indicated error thatthe filter was given to transmit. These packets are usually aged packets orare the result of a bandwidth problem on the FPC hardware. On a normalsystem, the value of this field should not increment.
• CAMdestination filters, CAM source filters—Number of entries in the CAMdedicated to destination and source MAC address filters. There can only beup to 64 source entries. If source filtering is disabled, which is the default, thevalues for these fields must be 0.
Filter statistics
extensiveInformation about link autonegotiation.
• Negotiation status:
• Incomplete—Ethernet interface has the speed or link mode configured.
• Noautonegotiation—RemoteEthernet interfacehas thespeedor linkmodeconfigured, or does not perform autonegotiation.
• Complete—Ethernet interface is connected to a device that performsautonegotiation and the autonegotiation process is successful.
Autonegotiationinformation
extensiveInformation about the configuration of the Packet Forwarding Engine:
• Destination slot—FPC slot number.
Packet ForwardingEngine configuration
567Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 27: show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInformation about the CoS queue for the physical interface.
• CoS transmit queue—Queue number and its associated user-configuredforwarding class name.
• Bandwidth%—Percentage of bandwidth allocated to the queue.
• Bandwidth bps—Bandwidth allocated to the queue (in bps).
• Buffer%—Percentage of buffer space allocated to the queue.
• Bufferusec—Amountofbuffer spaceallocated to thequeue, inmicroseconds.This value is nonzero only if the buffer size is configured in terms of time.
• Priority—Queue priority: low or high.
• Limit—Displayed if rate limiting is configured for the queue. Possible valuesare none and exact. If exact is configured, the queue transmits only up to theconfigured bandwidth, even if excess bandwidth is available. If none isconfigured, the queue transmits beyond the configured bandwidth ifbandwidth is available.
CoS information
detail extensiveStatus of the interface-transmit-statistics configuration: Enabled or Disabled.Interface transmitstatistics
detail extensiveCoS queue number and its associated user-configured forwarding class name.
• Queued packets—Number of queued packets.
• Transmitted packets—Number of transmitted packets.
• Droppedpackets—Numberofpacketsdroppedby theASIC'sREDmechanism.
Queue counters(Egress)
Logical Interface
All levelsName of the logical interface.Logical interface
detail extensive noneIndex number of the logical interface, which reflects its initialization sequence.Index
detail extensive noneSNMP interface index number for the logical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsInformation about the logical interface.Flags
All levelsEncapsulation on the logical interface.Encapsulation
detail extensiveNumberand rateofbytesandpackets receivedand transmittedon the specifiedinterface set.
• Input bytes, Output bytes—Number of bytes received and transmitted on theinterface set. The value in this field also includes the Layer 2 overhead bytesfor ingress or egress traffic on Ethernet interfaces if you enable accountingof Layer 2 overhead at the PIC level or the logical interface level.
• Input packets, Output packets—Number of packets received and transmittedon the interface set.
Traffic statistics
Copyright © 2018, Juniper Networks, Inc.568
Broadband Subscriber ManagementWholesale Feature Guide
Table 27: show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveNumber and rate of bytes and packets destined to the device.Local statistics
extensiveNumber and rate of bytes and packets transiting the switch.
NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logicalinterface egress statistics might not accurately reflect the traffic on the wirewhen output shaping is applied. Traffic management output shaping mightdrop packets after they are tallied by theOutput bytes andOutput packetsinterface counters. However, correct values display for both of these egressstatistics when per-unit scheduling is enabled for the Gigabit Ethernet IQ2physical interface, or when a single logical interface is actively using a sharedscheduler.
Transit statistics
extensiveSecurity zones that interface belongs to.Security
extensiveStatistics on packets received by flowmodule.Flow Input statistics
extensiveStatistics on packets sent by flowmodule.FlowOutput statistics
extensiveStatistics on errors in the flowmodule.Flow error statistics(Packets dropped dueto)
detail extensive noneProtocol family.Protocol
detail extensive noneMaximum transmission unit size on the logical interface.MTU
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensive noneRoute table in which the logical interface address is located. For example, 0refers to the routing table inet.0.
Route Table
detail extensiveInformation about protocol family flags. .Flags
detail extensive noneInformation about the address flags..Addresses, Flags
detail extensive noneIP address of the remote side of the connection.Destination
detail extensive noneIP address of the logical interface.Local
detail extensive noneBroadcast address of the logical interface.Broadcast
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
569Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sample Output Gigabit Ethernet
show interfaces (Gigabit Ethernet)
user@host> show interfaces ge-3/0/2Physical interface: ge-3/0/2, Enabled, Physical link is Up Interface index: 167, SNMP ifIndex: 35 Link-level type: 52, MTU: 1522, Speed: 1000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 CoS queues : 4 supported, 4 maximum usable queues Current address: 00:00:5e:00:53:7c, Hardware address: 00:00:5e:00:53:7c Last flapped : 2006-08-10 17:25:10 PDT (00:01:08 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Ingress rate at Packet Forwarding Engine : 0 bps (0 pps) Ingress drop rate at Packet Forwarding Engine : 0 bps (0 pps) Active alarms : None Active defects : None
Logical interface ge-3/0/2.0 (Index 72) (SNMP ifIndex 69) Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.512 0x8100.513 ] In(pop-swap 0x8100.530) Out(swap-push 0x8100.512 0x8100.513) Encapsulation: VLAN-CCC Egress account overhead: 100 Ingress account overhead: 90 Input packets : 0 Output packets: 0 Protocol ccc, MTU: 1522 Flags: Is-Primary
show interfaces (Gigabit Ethernet onMX Series Routers)
user@host> show interfaces ge-2/2/2Physical interface: ge-2/2/2, Enabled, Physical link is Up Interface index: 156, SNMP ifIndex: 188 Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 4 maximum usable queues Schedulers : 0 Current address: 00:00:5e:00:53:c0, Hardware address: 00:00:5e:00:53:76 Last flapped : 2008-09-05 16:44:30 PDT (3d 01:04 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : None Active defects : None Logical interface ge-2/2/2.0 (Index 82) (SNMP ifIndex 219) Flags: Up SNMP-Traps 0x4004000 Encapsulation: ENET2 Input packets : 10232 Output packets: 10294 Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re
Copyright © 2018, Juniper Networks, Inc.570
Broadband Subscriber ManagementWholesale Feature Guide
Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113/24, Local: 203.0.113.1, Broadcast: 203.0.113.255 Protocol inet6, MTU: 1500 Max nh cache: 4, New hold nh limit: 100000, Curr nh cnt: 4, Curr new hold cnt: 4, NH drop cnt: 0 Flags: Is-Primary Addresses, Flags: Is-Default Is-Preferred Is-Primary Destination: 2001:db8:/32, Local: 2001:db8::5 Addresses, Flags: Is-Preferred Destination: 2001:db8:1::/32, Local: 2001:db8:223:9cff:fe9f:3e78 Protocol multiservice, MTU: Unlimited Flags: Is-Primary
show interfaces (link degrade status)
user@host> show interfaces et-3/0/0Physical interface: et-3/0/0, Enabled, Physical link is Down Interface index: 157, SNMP ifIndex: 537 Link-level type: Ethernet, MTU: 1514, MRU: 0, Speed: 100Gbps, BPDU Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Current address: 54:e0:32:23:9d:38, Hardware address: 54:e0:32:23:9d:38 Last flapped : 2014-06-18 02:36:38 PDT (02:50:50 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK PCS statistics Seconds Bit errors 0 Errored blocks 0 Link Degrade* : Link Monitoring : Enable Link Degrade Set Threshold: : 1E-7 Link Degrade Clear Threshold: : 1E-12 Estimated BER : 1E-7 Link-degrade event : Seconds Count State 782 1 Defect Active
show interfaces extensive (Gigabit Ethernet onMX Series Routers showing interface transmit statisticsconfiguration)
user@host> show interfaces ge-2/1/2 extensive | match "output|interface"Physical interface: ge-2/1/2, Enabled, Physical link is Up Interface index: 151, SNMP ifIndex: 530, Generation: 154 Interface flags: SNMP-Traps Internal: 0x4000 Output bytes : 240614363944 772721536 bps Output packets: 3538446506 1420444 pps Direction : Output Interface transmit statistics: Enabled
Logical interface ge-2/1/2.0 (Index 331) (SNMP ifIndex 955) (Generation 146) Output bytes : 195560312716 522726272 bps Output packets: 4251311146 1420451 pps
user@host> show interfaces ge-5/2/0.0 statistics detailLogical interface ge-5/2/0.0 (Index 71) (SNMP ifIndex 573) (Generation 135) Flags: SNMP-Traps 0x4000 Encapsulation: ENET2
571Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Egress account overhead: 100 Ingress account overhead: 90 Traffic statistics: Input bytes : 271524 Output bytes : 37769598 Input packets: 3664 Output packets: 885790 IPv6 transit statistics: Input bytes : 0 Output bytes : 16681118 Input packets: 0 Output packets: 362633 Local statistics: Input bytes : 271524 Output bytes : 308560 Input packets: 3664 Output packets: 3659 Transit statistics: Input bytes : 0 0 bps Output bytes : 37461038 0 bps Input packets: 0 0 pps Output packets: 882131 0 pps IPv6 transit statistics: Input bytes : 0 0 bps Output bytes : 16681118 0 bps Input packets: 0 0 pps Output packets: 362633 0 pps
show interfaces brief (Gigabit Ethernet)
user@host> show interfaces ge-3/0/2 briefPhysical interface: ge-3/0/2, Enabled, Physical link is Up Link-level type: 52, MTU: 1522, Speed: 1000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None
Logical interface ge-3/0/2.0 Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.512 0x8100.513 ] In(pop-swap 0x8100.530) Out(swap-push 0x8100.512 0x8100.513) Encapsulation: VLAN-CCC ccc
Logical interface ge-3/0/2.32767 Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x0000.0 ] Encapsulation: ENET2
show interfaces detail (Gigabit Ethernet)
user@host> show interfaces ge-3/0/2 detailPhysical interface: ge-3/0/2, Enabled, Physical link is Up Interface index: 167, SNMP ifIndex: 35, Generation: 177 Link-level type: 52, MTU: 1522, Speed: 1000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None
Copyright © 2018, Juniper Networks, Inc.572
Broadband Subscriber ManagementWholesale Feature Guide
CoS queues : 4 supported, 4 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:7c, Hardware address: 00:00:5e:00:53:7c Last flapped : 2006-08-09 17:17:00 PDT (01:31:33 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Ingress traffic statistics at Packet Forwarding Engine: Input bytes : 0 0 bps Input packets: 0 0 pps Drop bytes : 0 0 bps Drop packets: 0 0 pps Ingress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Egress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Active alarms : None Active defects : None
Logical interface ge-3/0/2.0 (Index 72) (SNMP ifIndex 69) (Generation 140) Flags: SNMP-Traps 0x4000 VLAN-Tag [0x8100.512 0x8100.513 ] In(pop-swap 0x8100.530) Out(swap-push 0x8100.512 0x8100.513) Encapsulation: VLAN-CCC Egress account overhead: 100 Ingress account overhead: 90 Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps
573Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Output packets: 0 0 pps Protocol ccc, MTU: 1522, Generation: 149, Route table: 0 Flags: Is-Primary
Logical interface ge-3/0/2.32767 (Index 71) (SNMP ifIndex 70) (Generation 139) Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x0000.0 ] Encapsulation: ENET2 Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps
show interfaces extensive (Gigabit Ethernet IQ2)
user@host> show interfaces ge-7/1/3 extensivePhysical interface: ge-7/1/3, Enabled, Physical link is Up Interface index: 170, SNMP ifIndex: 70, Generation: 171 Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4004000 Link flags : None CoS queues : 8 supported, 4 maximum usable queues Schedulers : 256 Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:74, Hardware address: 00:00:5e:00:53:74 Last flapped : 2007-11-07 21:31:41 PST (02:03:33 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 38910844056 7952 bps Output bytes : 7174605 8464 bps Input packets: 418398473 11 pps Output packets: 78903 12 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Ingress traffic statistics at Packet Forwarding Engine: Input bytes : 38910799145 7952 bps Input packets: 418397956 11 pps Drop bytes : 0 0 bps Drop packets: 0 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
Copyright © 2018, Juniper Networks, Inc.574
Broadband Subscriber ManagementWholesale Feature Guide
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Ingress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 418390823 418390823 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 7133 7133 0
Egress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 1031 1031 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 77872 77872 0
Active alarms : None Active defects : None MAC statistics: Receive Transmit Total octets 38910844056 7174605 Total packets 418398473 78903 Unicast packets 408021893366 1026 Broadcast packets 10 12 Multicast packets 418398217 77865 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 OTN Received Overhead Bytes: APS/PCC0: 0x02, APS/PCC1: 0x11, APS/PCC2: 0x47, APS/PCC3: 0x58 Payload Type: 0x08 OTN Transmitted Overhead Bytes: APS/PCC0: 0x00, APS/PCC1: 0x00, APS/PCC2: 0x00, APS/PCC3: 0x00 Payload Type: 0x08 Filter statistics: Input packet count 418398473 Input packet rejects 479 Input DA rejects 479 Input SA rejects 0 Output packet count 78903 Output packet pad count 0 Output packet error count 0 CAM destination filters: 0, CAM source filters: 0 Autonegotiation information: Negotiation status: Complete Link partner: Link mode: Full-duplex, Flow control: Symmetric/Asymmetric, Remote fault: OK Local resolution:
575Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Flow control: Symmetric, Remote fault: Link OK Packet Forwarding Engine configuration: Destination slot: 7 CoS information: Direction : Output CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none Direction : Input CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none
Logical interface ge-7/1/3.0 (Index 70) (SNMP ifIndex 85) (Generation 150) Flags: SNMP-Traps Encapsulation: ENET2 Traffic statistics: Input bytes : 812400 Output bytes : 1349206 Input packets: 9429 Output packets: 9449 IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 812400 Output bytes : 1349206 Input packets: 9429 Output packets: 9449 Transit statistics: Input bytes : 0 7440 bps Output bytes : 0 7888 bps Input packets: 0 10 pps Output packets: 0 11 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: 1500, Generation: 169, Route table: 0 Flags: Is-Primary, Mac-Validate-Strict Mac-Validate Failures: Packets: 0, Bytes: 0 Addresses, Flags: Is-Preferred Is-Primary Input Filters: F1-ge-3/0/1.0-in, F3-ge-3/0/1.0-in Output Filters: F2-ge-3/0/1.0-out (53) Destination: 203.0.113/24, Local: 203.0.113.2, Broadcast: 203.0.113.255, Generation: 196 Protocol multiservice, MTU: Unlimited, Generation: 170, Route table: 0 Flags: Is-Primary Policer: Input: __default_arp_policer__
NOTE: For Gigabit Ethernet intelligent queuing 2 (IQ2) interfaces, the logical interface
egress statistics displayed in the show interfaces command output might not accurately
reflect the traffic on thewirewhenoutput shaping is applied. Trafficmanagementoutput
Copyright © 2018, Juniper Networks, Inc.576
Broadband Subscriber ManagementWholesale Feature Guide
shaping might drop packets after they are tallied by the interface counters. For detailed
information, see the description of the logical interface Transit statistics fields in
Table 25 on page 534.
show interfaces (Gigabit Ethernet Unnumbered Interface)
user@host> show interfaces ge-3/2/0Physical interface: ge-3/2/0, Enabled, Physical link is Up Interface index: 148, SNMP ifIndex: 50 Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 4 maximum usable queues Current address: 00:00:5e:00:53:f8, Hardware address: 00:00:5e:00:53:f8 Last flapped : 2006-10-27 04:42:23 PDT (08:01:52 ago) Input rate : 0 bps (0 pps) Output rate : 624 bps (1 pps) Active alarms : None Active defects : None
Logical interface ge-3/2/0.0 (Index 67) (SNMP ifIndex 85) Flags: SNMP-Traps Encapsulation: ENET2 Input packets : 0 Output packets: 6 Protocol inet, MTU: 1500 Flags: Unnumbered Donor interface: lo0.0 (Index 64) Preferred source address: 203.0.113.22
show interfaces (ACI Interface Set Configured)
user@host> show interfaces ge-1/0/0.4001 Logical interface ge-1/0/0.4001 (Index 340) (SNMP ifIndex 548) Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.4001 ] Encapsulation: PPP-over-
Ethernet ACI VLAN: Dynamic Profile: aci-vlan-set-profile PPPoE: Dynamic Profile: aci-vlan-pppoe-profile, Service Name Table: None, Max Sessions: 32000, Max Sessions VSA Ignore: Off, Duplicate Protection: On, Short Cycle Protection: Off, Direct Connect: Off, AC Name: nbc Input packets : 9 Output packets: 8 Protocol multiservice, MTU: Unlimited
show interfaces (ALI Interface Set)
user@host> show interfaces ge-1/0/0.10 Logical interface ge-1/0/0.10 (Index 346) (SNMP ifIndex 554) (Generation 155) Flags: Up SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.10 ] Encapsulation: ENET2 Line Identity:
577Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Dynamic Profile: ali-set-profile Circuit-id Remote-id Accept-no-ids PPPoE: Dynamic Profile: ali-vlan-pppoe-profile, Service Name Table: None, Max Sessions: 32000, Max Sessions VSA Ignore: Off, Duplicate Protection: On, Short Cycle Protection: Off, Direct Connect: Off, AC Name: nbc Input packets : 9 Output packets: 8 Protocol multiservice, MTU: Unlimited
Sample Output Gigabit Ethernet
show interfaces extensive (10-Gigabit Ethernet, LAN PHYMode, IQ2)
user@host> show interfaces xe-5/0/0 extensivePhysical interface: xe-5/0/0, Enabled, Physical link is Up Interface index: 177, SNMP ifIndex: 99, Generation: 178 Link-level type: Ethernet, MTU: 1518, LAN-PHY mode, Speed: 10Gbps, Loopback: None, Source filtering: Enabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 4 maximum usable queues Schedulers : 1024 Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:f6, Hardware address: 00:00:5e:00:53:f6 Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes : 6970332384 0 bps Output bytes : 0 0 bps Input packets: 81050506 0 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Ingress traffic statistics at Packet Forwarding Engine: Input bytes : 6970299398 0 bps Input packets: 81049992 0 pps Drop bytes : 0 0 bps Drop packets: 0 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Ingress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 81049992 81049992 0
1 expedited-fo 0 0 0
Copyright © 2018, Juniper Networks, Inc.578
Broadband Subscriber ManagementWholesale Feature Guide
2 assured-forw 0 0 0
3 network-cont 0 0 0
Egress queues: 4 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Active alarms : None Active defects : None PCS statistics Seconds Bit errors 0 Errored blocks 0 MAC statistics: Receive Transmit Total octets 6970332384 0 Total packets 81050506 0 Unicast packets 81050000 0 Broadcast packets 506 0 Multicast packets 0 0 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 Filter statistics: Input packet count 81050506 Input packet rejects 506 Input DA rejects 0 Input SA rejects 0 Output packet count 0 Output packet pad count 0 Output packet error count 0 CAM destination filters: 0, CAM source filters: 0 Packet Forwarding Engine configuration: Destination slot: 5 CoS information: Direction : Output CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none
Direction : Input CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none
Logical interface xe-5/0/0.0 (Index 71) (SNMP ifIndex 95) (Generation 195)
579Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.100 ] Encapsulation: ENET2 Egress account overhead: 100 Ingress account overhead: 90 Traffic statistics: Input bytes : 0 Output bytes : 46 Input packets: 0 Output packets: 1 IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 46 Input packets: 0 Output packets: 1 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: 1500, Generation: 253, Route table: 0 Addresses, Flags: Is-Preferred Is-Primary Destination: 192.0.2/24, Local: 192.0.2.1, Broadcast: 192.0.2.255, Generation: 265 Protocol multiservice, MTU: Unlimited, Generation: 254, Route table: 0 Flags: None Policer: Input: __default_arp_policer__
show interfaces extensive (10-Gigabit Ethernet, WANPHYMode)
user@host> show interfaces xe-1/0/0 extensivePhysical interface: xe-1/0/0, Enabled, Physical link is Up Interface index: 141, SNMP ifIndex: 34, Generation: 47 Link-level type: Ethernet, MTU: 1514, Speed: 10Gbps, Loopback: Disabled WAN-PHY mode Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps 16384 Link flags : None CoS queues : 4 supported Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:9d, Hardware address: 00:00:5e:00:53:9d Last flapped : 2005-07-07 11:22:34 PDT (3d 12:28 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, HS Link CRC errors: 0, HS Link FIFO overflows: 0,
Copyright © 2018, Juniper Networks, Inc.580
Broadband Subscriber ManagementWholesale Feature Guide
Resource errors: 0 Output errors: Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Queue counters: Queued packets Transmitted packets Dropped packets 0 best-effort 0 0 0 1 expedited-fo 0 0 0 2 assured-forw 0 0 0 3 network-cont 0 0 0 Active alarms : LOL, LOS, LBL Active defects: LOL, LOS, LBL, SEF, AIS-L, AIS-P PCS statistics Seconds Count Bit errors 0 0 Errored blocks 0 0 MAC statistics: Receive Transmit Total octets 0 0 Total packets 0 0 Unicast packets 0 0 Broadcast packets 0 0 Multicast packets 0 0 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 Filter statistics: Input packet count 0 Input packet rejects 0 Input DA rejects 0 Input SA rejects 0 Output packet count 0 Output packet pad count 0 Output packet error count 0 CAM destination filters: 0, CAM source filters: 0 PMA PHY: Seconds Count State PLL lock 0 0 OK PHY light 63159 1 Light Missing WIS section: BIP-B1 0 0 SEF 434430 434438 Defect Active LOS 434430 1 Defect Active LOF 434430 1 Defect Active ES-S 434430 SES-S 434430 SEFS-S 434430 WIS line: BIP-B2 0 0 REI-L 0 0 RDI-L 0 0 OK AIS-L 434430 1 Defect Active BERR-SF 0 0 OK BERR-SD 0 0 OK ES-L 434430 SES-L 434430 UAS-L 434420 ES-LFE 0
581Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
SES-LFE 0 UAS-LFE 0 WIS path: BIP-B3 0 0 REI-P 0 0 LOP-P 0 0 OK AIS-P 434430 1 Defect Active RDI-P 0 0 OK UNEQ-P 0 0 OK PLM-P 0 0 OK ES-P 434430 SES-P 434430 UAS-P 434420 ES-PFE 0 SES-PFE 0 UAS-PFE 0 Received path trace: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Transmitted path trace: orissa so-1/0/0 6f 72 69 73 73 61 20 73 6f 2d 31 2f 30 2f 30 00 orissa so-1/0/0. Packet Forwarding Engine configuration: Destination slot: 1 CoS information: CoS transmit queue Bandwidth Buffer Priority Limit % bps % bytes 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none
show interfaces extensive (10-Gigabit Ethernet, DWDMOTNPIC)
user@host> show interfaces ge-7/0/0 extensivePhysical interface: ge-7/0/0, Enabled, Physical link is Down Interface index: 143, SNMP ifIndex: 508, Generation: 208 Link-level type: Ethernet, MTU: 1514, Speed: 10Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x4000 Link flags : None Wavelength : 1550.12 nm, Frequency: 193.40 THz CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:72, Hardware address: 00:00:5e:00:53:72 Last flapped : 2011-04-20 15:48:54 PDT (18:39:49 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 2, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
Copyright © 2018, Juniper Networks, Inc.582
Broadband Subscriber ManagementWholesale Feature Guide
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Egress queues: 8 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont Queue number: Mapped forwarding classes 0 best-effort 1 expedited-forwarding 2 assured-forwarding 3 network-control Active alarms : LINK Active defects : LINK MAC statistics: Receive Transmit Total octets 0 0 Total packets 0 0 Unicast packets 0 0 Broadcast packets 0 0 Multicast packets 0 0 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 Total octets 0 0 Total packets 0 0 Unicast packets 0 0 Broadcast packets 0 0 Multicast packets 0 0 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0 MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 OTN alarms : None OTN defects : None OTN FEC Mode : GFEC OTN Rate : Fixed Stuff Bytes 11.0957Gbps OTN Line Loopback : Enabled OTN FEC statistics : Corrected Errors 0 Corrected Error Ratio ( 0 sec average) 0e-0 OTN FEC alarms: Seconds Count State FEC Degrade 0 0 OK FEC Excessive 0 0 OK OTN OC: Seconds Count State LOS 2 1 OK LOF 67164 2 Defect Active
583Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
LOM 67164 71 Defect Active Wavelength Lock 0 0 OK OTN OTU: AIS 0 0 OK BDI 65919 4814 Defect Active IAE 67158 1 Defect Active TTIM 7 1 OK SF 67164 2 Defect Active SD 67164 3 Defect Active TCA-ES 0 0 OK TCA-SES 0 0 OK TCA-UAS 80 40 OK TCA-BBE 0 0 OK BIP 0 0 OK BBE 0 0 OK ES 0 0 OK SES 0 0 OK UAS 587 0 OK Received DAPI: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Received SAPI: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Transmitted DAPI: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Transmitted SAPI: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ OTN Received Overhead Bytes: APS/PCC0: 0x02, APS/PCC1: 0x42, APS/PCC2: 0xa2, APS/PCC3: 0x48 Payload Type: 0x03 OTN Transmitted Overhead Bytes: APS/PCC0: 0x00, APS/PCC1: 0x00, APS/PCC2: 0x00, APS/PCC3: 0x00 Payload Type: 0x03 Filter statistics: Input packet count 0 Input packet rejects 0 Input DA rejects 0 Input SA rejects 0 Output packet count 0 Output packet pad count 0 Output packet error count 0 CAM destination filters: 0, CAM source filters: 0 Packet Forwarding Engine configuration: Destination slot: 7 CoS information: Direction : Output CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 9500000000 95 0 low none 3 network-control 5 500000000 5 0 low none ...
show interfaces extensive (10-Gigabit Ethernet, LAN PHYMode, Unidirectional Mode)
user@host> show interfaces xe-7/0/0 extensivePhysical interface: xe-7/0/0, Enabled, Physical link is Up Interface index: 173, SNMP ifIndex: 212, Generation: 174 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Unidirectional: Enabled,
Copyright © 2018, Juniper Networks, Inc.584
Broadband Subscriber ManagementWholesale Feature Guide
Loopback: None, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running...
show interfaces extensive (10-Gigabit Ethernet, LAN PHYMode, Unidirectional Mode, Transmit-Only)
user@host> show interfaces xe-7/0/0–tx extensivePhysical interface: xe-7/0/0-tx, Enabled, Physical link is Up Interface index: 176, SNMP ifIndex: 137, Generation: 177 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Unidirectional: Tx-Only Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:83, Hardware address: 00:00:5e:00:53:83 Last flapped : 2007-06-01 09:08:19 PDT (3d 02:31 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 322891152287160 9627472888 bps Input packets: 0 0 pps Output packets: 328809727380 1225492 pps
...
Filter statistics: Output packet count 328810554250 Output packet pad count 0 Output packet error count 0...
Logical interface xe-7/0/0-tx.0 (Index 73) (SNMP ifIndex 138) (Generation 139)
Flags: SNMP-Traps Encapsulation: ENET2 Egress account overhead: 100 Ingress account overhead: 90 Traffic statistics: Input bytes : 0 Output bytes : 322891152287160 Input packets: 0 Output packets: 328809727380 IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 0 0 bps Output bytes : 322891152287160 9627472888 bps Input packets: 0 0 pps Output packets: 328809727380 1225492 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0
585Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Input packets: 0 Output packets: 0 Protocol inet, MTU: 1500, Generation: 147, Route table: 0 Addresses, Flags: Is-Preferred Is-Primary Destination: 10.11.12/24, Local: 10.11.12.13, Broadcast: 10.11.12.255, Generation: 141 Protocol multiservice, MTU: Unlimited, Generation: 148, Route table: 0 Flags: None Policer: Input: __default_arp_policer__
show interfaces extensive (10-Gigabit Ethernet, LAN PHYMode, Unidirectional Mode, Receive-Only)
user@host> show interfaces xe-7/0/0–rx extensivePhysical interface: xe-7/0/0-rx, Enabled, Physical link is Up Interface index: 174, SNMP ifIndex: 118, Generation: 175 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Unidirectional: Rx-Only Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:00:5e:00:53:83, Hardware address: 00:00:5e:00:53:83 Last flapped : 2007-06-01 09:08:22 PDT (3d 02:31 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 322857456303482 9627496104 bps Output bytes : 0 0 bps Input packets: 328775413751 1225495 pps Output packets: 0 0 pps
...
Filter statistics: Input packet count 328775015056 Input packet rejects 1 Input DA rejects 0
...
Logical interface xe-7/0/0-rx.0 (Index 72) (SNMP ifIndex 120) (Generation 138)
Flags: SNMP-Traps Encapsulation: ENET2 Traffic statistics: Input bytes : 322857456303482 Output bytes : 0 Input packets: 328775413751 Output packets: 0 IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 322857456303482 9627496104 bps Output bytes : 0 0 bps
Copyright © 2018, Juniper Networks, Inc.586
Broadband Subscriber ManagementWholesale Feature Guide
Input packets: 328775413751 1225495 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: 1500, Generation: 145, Route table: 0 Addresses, Flags: Is-Preferred Is-Primary Destination: 192.0.2/24, Local: 192.0.2.1, Broadcast: 192.0.2.255, Generation: 139 Protocol multiservice, MTU: Unlimited, Generation: 146, Route table: 0 Flags: None Policer: Input: __default_arp_policer__
Sample Output
Sample Output SRXGigabit Ethernet
user@host> show interfaces ge-0/0/1Physical interface: ge-0/0/1, Enabled, Physical link is Down Interface index: 135, SNMP ifIndex: 510 Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Current address: 00:1f:12:e4:b1:01, Hardware address: 00:1f:12:e4:b1:01 Last flapped : 2015-05-12 08:36:59 UTC (1w1d 22:42 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled
Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 514) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: public Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re Addresses, Flags: Dest-route-down Is-Preferred Is-Primary Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255
Sample Output SRXGigabit Ethernet
user@host> show interfaces ge-0/0/1Physical interface: ge-0/0/1, Enabled, Physical link is Down Interface index: 135, SNMP ifIndex: 510 Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Down
587Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Current address: 00:1f:12:e4:b1:01, Hardware address: 00:1f:12:e4:b1:01 Last flapped : 2015-05-12 08:36:59 UTC (1w1d 22:42 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Active alarms : LINK Active defects : LINK Interface transmit statistics: Disabled
Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 514) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Input packets : 0 Output packets: 0 Security: Zone: public Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re Addresses, Flags: Dest-route-down Is-Preferred Is-Primary Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255
show interfaces detail (Gigabit Ethernet)
user@host> show interfaces ge-0/0/1 detailPhysical interface: ge-0/0/1, Enabled, Physical link is Down Interface index: 135, SNMP ifIndex: 510, Generation: 138 Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:1f:12:e4:b1:01, Hardware address: 00:1f:12:e4:b1:01 Last flapped : 2015-05-12 08:36:59 UTC (1w2d 00:00 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Egress queues: 8 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Queue number: Mapped forwarding classes 0 best-effort 1 expedited-forwarding 2 assured-forwarding 3 network-control Active alarms : LINK Active defects : LINK
Copyright © 2018, Juniper Networks, Inc.588
Broadband Subscriber ManagementWholesale Feature Guide
Interface transmit statistics: Disabled
Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 514) (Generation 136) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Security: Zone: public Flow Statistics : Flow Input statistics : Self packets : 0 ICMP packets : 0 VPN packets : 0 Multicast packets : 0 Bytes permitted by policy : 0 Connections established : 0 Flow Output statistics: Multicast packets : 0 Bytes permitted by policy : 0 Flow error statistics (Packets dropped due to): Address spoofing: 0 Authentication failed: 0 Incoming NAT errors: 0 Invalid zone received packet: 0 Multiple user authentications: 0 Multiple incoming NAT: 0 No parent for a gate: 0 No one interested in self packets: 0 No minor session: 0 No more sessions: 0 No NAT gate: 0 No route present: 0 No SA for incoming SPI: 0 No tunnel found: 0 No session for a gate: 0 No zone or NULL zone binding 0 Policy denied: 0 Security association not active: 0 TCP sequence number out of window: 0 Syn-attack protection: 0 User authentication errors: 0 Protocol inet, MTU: 1500, Generation: 150, Route table: 0 Flags: Sendbcast-pkt-to-re Addresses, Flags: Dest-route-down Is-Preferred Is-Primary Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255, Generation: 150
589Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show interfaces statistics st0.0 detail
user@host> show interfaces statistics st0.0 detail Logical interface st0.0 (Index 71) (SNMP ifIndex 609) (Generation 136) Flags: Up Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel Traffic statistics: Input bytes : 528152756774 Output bytes : 575950643520 Input packets: 11481581669 Output packets: 12520666095 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 0 121859888 bps Output bytes : 0 128104112 bps Input packets: 0 331141 pps Output packets: 0 348108 pps Security: Zone: untrust Allowed host-inbound traffic : any-service bfd bgp dvmrp igmp ldp msdp nhrp ospf ospf3 pgm pim rip ripng router-discovery rsvp sap vrrp Flow Statistics : Flow Input statistics : Self packets : 0 ICMP packets : 0 VPN packets : 0 Multicast packets : 0 Bytes permitted by policy : 525984295844 Connections established : 7 Flow Output statistics: Multicast packets : 0 Bytes permitted by policy : 576003290222 Flow error statistics (Packets dropped due to): Address spoofing: 0 Authentication failed: 0 Incoming NAT errors: 0 Invalid zone received packet: 0 Multiple user authentications: 0 Multiple incoming NAT: 0 No parent for a gate: 0 No one interested in self packets: 0 No minor session: 0 No more sessions: 0 No NAT gate: 0 No route present: 2000280 No SA for incoming SPI: 0 No tunnel found: 0 No session for a gate: 0 No zone or NULL zone binding 0 Policy denied: 0 Security association not active: 0 TCP sequence number out of window: 0 Syn-attack protection: 0 User authentication errors: 0 Protocol inet, MTU: 9192 Max nh cache: 0, New hold nh limit: 0, Curr nh cnt: 0, Curr new hold cnt: 0, NH drop cnt: 0 Generation: 155, Route table: 0
Copyright © 2018, Juniper Networks, Inc.590
Broadband Subscriber ManagementWholesale Feature Guide
Flags: Sendbcast-pkt-to-re
show interfaces extensive (Gigabit Ethernet)
user@host> show interfaces ge-0/0/1.0 extensivePhysical interface: ge-0/0/1, Enabled, Physical link is Down Interface index: 135, SNMP ifIndex: 510, Generation: 138 Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online Device flags : Present Running Down Interface flags: Hardware-Down SNMP-Traps Internal: 0x0 Link flags : None CoS queues : 8 supported, 8 maximum usable queues Hold-times : Up 0 ms, Down 0 ms Current address: 00:1f:12:e4:b1:01, Hardware address: 00:1f:12:e4:b1:01 Last flapped : 2015-05-12 08:36:59 UTC (1w1d 22:57 ago) Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0 Egress queues: 8 supported, 4 in use Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 0 0 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Queue number: Mapped forwarding classes 0 best-effort 1 expedited-forwarding 2 assured-forwarding 3 network-control Active alarms : LINK Active defects : LINK MAC statistics: Receive Transmit Total octets 0 0 Total packets 0 0 Unicast packets 0 0 Broadcast packets 0 0 Multicast packets 0 0 CRC/Align errors 0 0 FIFO errors 0 0 MAC control frames 0 0
591Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
MAC pause frames 0 0 Oversized frames 0 Jabber frames 0 Fragment frames 0 VLAN tagged frames 0 Code violations 0 Filter statistics: Input packet count 0 Input packet rejects 0 Input DA rejects 0 Input SA rejects 0 Output packet count 0 Output packet pad count 0 Output packet error count 0 CAM destination filters: 2, CAM source filters: 0 Autonegotiation information: Negotiation status: Incomplete Packet Forwarding Engine configuration: Destination slot: 0 CoS information: Direction : Output CoS transmit queue Bandwidth Buffer Priority Limit % bps % usec 0 best-effort 95 950000000 95 0 low none 3 network-control 5 50000000 5 0 low none Interface transmit statistics: Disabled
Logical interface ge-0/0/1.0 (Index 71) (SNMP ifIndex 514) (Generation 136) Flags: Device-Down SNMP-Traps 0x0 Encapsulation: ENET2 Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Security: Zone: public Flow Statistics : Flow Input statistics : Self packets : 0 ICMP packets : 0 VPN packets : 0 Multicast packets : 0 Bytes permitted by policy : 0 Connections established : 0 Flow Output statistics: Multicast packets : 0 Bytes permitted by policy : 0 Flow error statistics (Packets dropped due to): Address spoofing: 0
Copyright © 2018, Juniper Networks, Inc.592
Broadband Subscriber ManagementWholesale Feature Guide
Authentication failed: 0 Incoming NAT errors: 0 Invalid zone received packet: 0 Multiple user authentications: 0 Multiple incoming NAT: 0 No parent for a gate: 0 No one interested in self packets: 0 No minor session: 0 No more sessions: 0 No NAT gate: 0 No route present: 0 No SA for incoming SPI: 0 No tunnel found: 0 No session for a gate: 0 No zone or NULL zone binding 0 Policy denied: 0 Security association not active: 0 TCP sequence number out of window: 0 Syn-attack protection: 0 User authentication errors: 0 Protocol inet, MTU: 1500, Generation: 150, Route table: 0 Flags: Sendbcast-pkt-to-re Addresses, Flags: Dest-route-down Is-Preferred Is-Primary Destination: 1.1.1/24, Local: 1.1.1.1, Broadcast: 1.1.1.255, Generation: 150
show interfaces terse
user@host> show interfaces terse Interface Admin Link Proto Local Remote ge-0/0/0 up up ge-0/0/0.0 up up inet 10.209.4.61/18 gr-0/0/0 up up ip-0/0/0 up up st0 up up st0.1 up ready inet ls-0/0/0 up up lt-0/0/0 up up mt-0/0/0 up up pd-0/0/0 up up pe-0/0/0 up up e3-1/0/0 up up t3-2/0/0 up up e1-3/0/0 up up se-4/0/0 up down t1-5/0/0 up up br-6/0/0 up up dc-6/0/0 up up dc-6/0/0.32767 up up bc-6/0/0:1 down up bc-6/0/0:1.0 up down dl0 up up dl0.0 up up inet dsc up up gre up up ipip up up lo0 up up lo0.16385 up up inet 10.0.0.1 --> 0/0 10.0.0.16 --> 0/0
593Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
lsi up up mtun up up pimd up up pime up up pp0 up up
show interfaces controller (Channelized E1 IQwith Logical E1)
user@host> show interfaces controller ce1-1/2/6
Controller Admin Linkce1-1/2/6 up upe1-1/2/6 up up
show interfaces controller (Channelized E1 IQwith Logical DS0)
user@host> show interfaces controller ce1-1/2/3
Controller Admin Linkce1-1/2/3 up up
ds-1/2/3:1 up up
ds-1/2/3:2 up up
show interfaces descriptions
user@host> show interfaces descriptions Interface Admin Link Description so-1/0/0 up up M20-3#1 so-2/0/0 up up GSR-12#1 ge-3/0/0 up up SMB-OSPF_Area300 so-3/3/0 up up GSR-13#1 so-3/3/1 up up GSR-13#2 ge-4/0/0 up up T320-7#1 ge-5/0/0 up up T320-7#2 so-7/1/0 up up M160-6#1 ge-8/0/0 up up T320-7#3 ge-9/0/0 up up T320-7#4 so-10/0/0 up up M160-6#2 so-13/0/0 up up M20-3#2 so-14/0/0 up up GSR-12#2 ge-15/0/0 up up SMB-OSPF_Area100 ge-15/0/1 up up GSR-13#3
show interfaces destination-class all
user@host> show interfaces destination-class allLogical interface so-4/0/0.0 Packets Bytes Destination class (packet-per-second) (bits-per-second) gold 0 0 ( 0) ( 0) silver 0 0 ( 0) ( 0) Logical interface so-0/1/3.0 Packets Bytes Destination class (packet-per-second) (bits-per-second) gold 0 0 ( 0) ( 0)
Copyright © 2018, Juniper Networks, Inc.594
Broadband Subscriber ManagementWholesale Feature Guide
silver 0 0 ( 0) ( 0)
show interfaces diagnostics optics
user@host> show interfaces diagnostics optics ge-2/0/0Physical interface: ge-2/0/0 Laser bias current : 7.408 mA Laser output power : 0.3500 mW / -4.56 dBm Module temperature : 23 degrees C / 73 degrees F Module voltage : 3.3450 V Receiver signal average optical power : 0.0002 mW / -36.99 dBm Laser bias current high alarm : Off Laser bias current low alarm : Off Laser bias current high warning : Off Laser bias current low warning : Off Laser output power high alarm : Off Laser output power low alarm : Off Laser output power high warning : Off Laser output power low warning : Off Module temperature high alarm : Off Module temperature low alarm : Off Module temperature high warning : Off Module temperature low warning : Off Module voltage high alarm : Off Module voltage low alarm : Off Module voltage high warning : Off Module voltage low warning : Off Laser rx power high alarm : Off Laser rx power low alarm : On Laser rx power high warning : Off Laser rx power low warning : On Laser bias current high alarm threshold : 17.000 mA Laser bias current low alarm threshold : 1.000 mA Laser bias current high warning threshold : 14.000 mA Laser bias current low warning threshold : 2.000 mA Laser output power high alarm threshold : 0.6310 mW / -2.00 dBm Laser output power low alarm threshold : 0.0670 mW / -11.74 dBm Laser output power high warning threshold : 0.6310 mW / -2.00 dBm Laser output power low warning threshold : 0.0790 mW / -11.02 dBm Module temperature high alarm threshold : 95 degrees C / 203 degrees F Module temperature low alarm threshold : -25 degrees C / -13 degrees F Module temperature high warning threshold : 90 degrees C / 194 degrees F Module temperature low warning threshold : -20 degrees C / -4 degrees F Module voltage high alarm threshold : 3.900 V Module voltage low alarm threshold : 2.700 V Module voltage high warning threshold : 3.700 V Module voltage low warning threshold : 2.900 V Laser rx power high alarm threshold : 1.2590 mW / 1.00 dBm Laser rx power low alarm threshold : 0.0100 mW / -20.00 dBm Laser rx power high warning threshold : 0.7940 mW / -1.00 dBm Laser rx power low warning threshold : 0.0158 mW / -18.01 dBm
show interfaces far-end-interval coc12-5/2/0
user@host> show interfaces far-end-interval coc12-5/2/0Physical interface: coc12-5/2/0, SNMP ifIndex: 121 05:30-current: ES-L: 1, SES-L: 1, UAS-L: 0
595Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
05:15-05:30: ES-L: 0, SES-L: 0, UAS-L: 0 05:00-05:15: ES-L: 0, SES-L: 0, UAS-L: 0 04:45-05:00: ES-L: 0, SES-L: 0, UAS-L: 0 04:30-04:45: ES-L: 0, SES-L: 0, UAS-L: 0 04:15-04:30: ES-L: 0, SES-L: 0, UAS-L: 0 04:00-04:15:...
show interfaces far-end-interval coc1-5/2/1:1
user@host> run show interfaces far-end-interval coc1-5/2/1:1 Physical interface: coc1-5/2/1:1, SNMP ifIndex: 342 05:30-current: ES-L: 1, SES-L: 1, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 05:15-05:30: ES-L: 0, SES-L: 0, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 05:00-05:15: ES-L: 0, SES-L: 0, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 04:45-05:00: ES-L: 0, SES-L: 0, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 04:30-04:45: ES-L: 0, SES-L: 0, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 04:15-04:30: ES-L: 0, SES-L: 0, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 04:00-04:15:
show interfaces filters
user@host> show interfaces filtersInterface Admin Link Proto Input Filter Output Filterge-0/0/0 up upge-0/0/0.0 up up inet isoge-5/0/0 up up ge-5/0/0.0 up up any f-any inet f-inet multiservicegr-0/3/0 up upip-0/3/0 up upmt-0/3/0 up uppd-0/3/0 up uppe-0/3/0 up upvt-0/3/0 up upat-1/0/0 up upat-1/0/0.0 up up inet isoat-1/1/0 up downat-1/1/0.0 up down inet iso....
show interfaces flow-statistics (Gigabit Ethernet)
user@host> show interfaces flow-statistics ge-0/0/1.0
Copyright © 2018, Juniper Networks, Inc.596
Broadband Subscriber ManagementWholesale Feature Guide
Logical interface ge-0/0/1.0 (Index 70) (SNMP ifIndex 49) Flags: SNMP-Traps Encapsulation: ENET2 Input packets : 5161 Output packets: 83 Security: Zone: zone2 Allowed host-inbound traffic : bootp bfd bgp dns dvmrp ldp msdp nhrp ospf pgm pim rip router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http https ike netconf ping rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping Flow Statistics : Flow Input statistics : Self packets : 0 ICMP packets : 0 VPN packets : 2564 Bytes permitted by policy : 3478 Connections established : 1 Flow Output statistics: Multicast packets : 0 Bytes permitted by policy : 16994 Flow error statistics (Packets dropped due to): Address spoofing: 0 Authentication failed: 0 Incoming NAT errors: 0 Invalid zone received packet: 0 Multiple user authentications: 0 Multiple incoming NAT: 0 No parent for a gate: 0 No one interested in self packets: 0 No minor session: 0 No more sessions: 0 No NAT gate: 0 No route present: 0 No SA for incoming SPI: 0 No tunnel found: 0 No session for a gate: 0 No zone or NULL zone binding 0 Policy denied: 0 Security association not active: 0 TCP sequence number out of window: 0 Syn-attack protection: 0 User authentication errors: 0 Protocol inet, MTU: 1500 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113.1/24, Local: 203.0.113.2, Broadcast: 2.2.2.255
show interfaces interval (Channelized OC12)
user@host> show interfaces interval t3-0/3/0:0Physical interface: t3-0/3/0:0, SNMP ifIndex: 23 17:43-current: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 17:28-17:43: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 17:13-17:28:
597Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 16:58-17:13: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 16:43-16:58: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, ...Interval Total: LCV: 230, PCV: 1145859, CCV: 455470, LES: 0, PES: 230, PSES: 230, CES: 230, CSES: 230, SEFS: 230, UAS: 238
show interfaces interval (E3)
user@host> show interfaces interval e3-0/3/0Physical interface: e3-0/3/0, SNMP ifIndex: 23 17:43-current: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 17:28-17:43: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 17:13-17:28: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 16:58-17:13: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, SEFS: 0, UAS: 0 16:43-16:58: LCV: 0, PCV: 0, CCV: 0, LES: 0, PES: 0, PSES: 0, CES: 0, CSES: 0, ....Interval Total: LCV: 230, PCV: 1145859, CCV: 455470, LES: 0, PES: 230, PSES: 230, CES: 230, CSES: 230, SEFS: 230, UAS: 238
show interfaces interval (SONET/SDH) (SRX devices)
user@host> show interfaces interval so-0/1/0Physical interface: so-0/1/0, SNMP ifIndex: 19 20:02-current: ES-S: 0, SES-S: 0, SEFS-S: 0, ES-L: 0, SES-L: 0, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 19:47-20:02: ES-S: 267, SES-S: 267, SEFS-S: 267, ES-L: 267, SES-L: 267, UAS-L: 267, ES-P: 267, SES-P: 267, UAS-P: 267 19:32-19:47: ES-S: 56, SES-S: 56, SEFS-S: 56, ES-L: 56, SES-L: 56, UAS-L: 46, ES-P: 56, SES-P: 56, UAS-P: 46 19:17-19:32: ES-S: 0, SES-S: 0, SEFS-S: 0, ES-L: 0, SES-L: 0, UAS-L: 0, ES-P: 0, SES-P: 0, UAS-P: 0 19:02-19:17:.....
show interfaces load-balancing (SRX devices)
user@host> show interfaces load-balancingInterface State Last change Member countams0 Up 1d 00:50 2ams1 Up 00:00:59 2
Copyright © 2018, Juniper Networks, Inc.598
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces load-balancing detail (SRX devices)
user@host>show interfaces load-balancing detailLoad-balancing interfaces detailInterface : ams0 State : Up Last change : 1d 00:51 Member count : 2 Members : Interface Weight State mams-2/0/0 10 Active mams-2/1/0 10 Active
show interfacesmac-database (All MAC Addresses on a Port SRX devices)
user@host> show interfacesmac-database xe-0/3/3Physical interface: xe-0/3/3, Enabled, Physical link is Up Interface index: 372, SNMP ifIndex: 788 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Loopback: None, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None
Logical interface xe-0/3/3.0 (Index 364) (SNMP ifIndex 829) Flags: SNMP-Traps 0x4004000 Encapsulation: ENET2 MAC address Input frames Input bytes Output frames Output bytes 00:00:00:00:00:00 1 56 0 0 00:00:c0:01:01:02 7023810 323095260 0 0 00:00:c0:01:01:03 7023810 323095260 0 0 00:00:c0:01:01:04 7023810 323095260 0 0 00:00:c0:01:01:05 7023810 323095260 0 0 00:00:c0:01:01:06 7023810 323095260 0 0 00:00:c0:01:01:07 7023810 323095260 0 0 00:00:c0:01:01:08 7023809 323095214 0 0 00:00:c0:01:01:09 7023809 323095214 0 0 00:00:c0:01:01:0a 7023809 323095214 0 0 00:00:c0:01:01:0b 7023809 323095214 0 0 00:00:c8:01:01:02 30424784 1399540064 37448598 1722635508 00:00:c8:01:01:03 30424784 1399540064 37448598 1722635508 00:00:c8:01:01:04 30424716 1399536936 37448523 1722632058 00:00:c8:01:01:05 30424789 1399540294 37448598 1722635508 00:00:c8:01:01:06 30424788 1399540248 37448597 1722635462 00:00:c8:01:01:07 30424783 1399540018 37448597 1722635462 00:00:c8:01:01:08 30424783 1399540018 37448596 1722635416 00:00:c8:01:01:09 8836796 406492616 8836795 406492570 00:00:c8:01:01:0a 30424712 1399536752 37448521 1722631966 00:00:c8:01:01:0b 30424715 1399536890 37448523 1722632058 Number of MAC addresses : 21
show interfacesmac-database (All MAC Addresses on a Service SRX devices)
user@host> show interfacesmac-database xe-0/3/3Logical interface xe-0/3/3.0 (Index 364) (SNMP ifIndex 829) Flags: SNMP-Traps 0x4004000 Encapsulation: ENET2 MAC address Input frames Input bytes Output frames Output bytes 00:00:00:00:00:00 1 56 0 0
599Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
00:00:c0:01:01:02 7023810 323095260 0 0 00:00:c0:01:01:03 7023810 323095260 0 0 00:00:c0:01:01:04 7023810 323095260 0 0 00:00:c0:01:01:05 7023810 323095260 0 0 00:00:c0:01:01:06 7023810 323095260 0 0 00:00:c0:01:01:07 7023810 323095260 0 0 00:00:c0:01:01:08 7023809 323095214 0 0 00:00:c0:01:01:09 7023809 323095214 0 0 00:00:c0:01:01:0a 7023809 323095214 0 0 00:00:c0:01:01:0b 7023809 323095214 0 0 00:00:c8:01:01:02 31016568 1426762128 38040381 1749857526 00:00:c8:01:01:03 31016568 1426762128 38040382 1749857572 00:00:c8:01:01:04 31016499 1426758954 38040306 1749854076 00:00:c8:01:01:05 31016573 1426762358 38040381 1749857526 00:00:c8:01:01:06 31016573 1426762358 38040381 1749857526 00:00:c8:01:01:07 31016567 1426762082 38040380 1749857480 00:00:c8:01:01:08 31016567 1426762082 38040379 1749857434 00:00:c8:01:01:09 9428580 433714680 9428580 433714680 00:00:c8:01:01:0a 31016496 1426758816 38040304 1749853984 00:00:c8:01:01:0b 31016498 1426758908 38040307 1749854122
show interfacesmac-databasemac-address
user@host> show interfacesmac-database xe-0/3/3mac-address (SRX devices)00:00:c8:01:01:09Physical interface: xe-0/3/3, Enabled, Physical link is Up Interface index: 372, SNMP ifIndex: 788 Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Speed: 10Gbps, Loopback: None, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 Link flags : None
Logical interface xe-0/3/3.0 (Index 364) (SNMP ifIndex 829) Flags: SNMP-Traps 0x4004000 Encapsulation: ENET2 MAC address: 00:00:c8:01:01:09, Type: Configured, Input bytes : 202324652 Output bytes : 202324560 Input frames : 4398362 Output frames : 4398360 Policer statistics: Policer type Discarded frames Discarded bytes Output aggregate 3992386 183649756
show interfacesmc-ae (SRX devices)
user@host> show interfacesmc-ae ae0 unit 512 Member Links : ae0 Local Status : active Peer Status : active Logical Interface : ae0.512 Core Facing Interface : Label Ethernet Interface ICL-PL : Label Ethernet Interface
show interfacesmedia (SONET/SDH)
The following example displays the output fields unique to the show interfacesmedia
command for a SONET interface (with no level of output specified):
Copyright © 2018, Juniper Networks, Inc.600
Broadband Subscriber ManagementWholesale Feature Guide
user@host> show interfacesmedia so-4/1/2Physical interface: so-4/1/2, Enabled, Physical link is Up Interface index: 168, SNMP ifIndex: 495 Link-level type: PPP, MTU: 4474, Clocking: Internal, SONET mode, Speed: OC48, Loopback: None, FCS: 16, Payload scrambler: Enabled Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps 16384 Link flags : Keepalives Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3 Keepalive: Input: 1783 (00:00:00 ago), Output: 1786 (00:00:08 ago) LCP state: Opened NCP state: inet: Not-configured, inet6: Not-configured, iso: Not-configured, mpls: Not-configured CHAP state: Not-configured CoS queues : 8 supported Last flapped : 2005-06-15 12:14:59 PDT (04:31:29 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) SONET alarms : None SONET defects : None SONET errors: BIP-B1: 121, BIP-B2: 916, REI-L: 0, BIP-B3: 137, REI-P: 16747, BIP-BIP2: 0 Received path trace: routerb so-1/1/2 Transmitted path trace: routera so-4/1/2
show interfaces policers (SRX devices)
user@host> show interfaces policersInterface Admin Link Proto Input Policer Output Policerge-0/0/0 up upge-0/0/0.0 up up inet isogr-0/3/0 up upip-0/3/0 up upmt-0/3/0 up uppd-0/3/0 up uppe-0/3/0 up up...so-2/0/0 up upso-2/0/0.0 up up inet so-2/0/0.0-in-policer so-2/0/0.0-out-policer isoso-2/1/0 up down...
show interfaces policers interface-name (SRX devices)
user@host> show interfaces policers so-2/1/0Interface Admin Link Proto Input Policer Output Policerso-2/1/0 up downso-2/1/0.0 up down inet so-2/1/0.0-in-policer so-2/1/0.0-out-policer iso inet6
show interfaces queue (SRX devices)
The following truncatedexampleshowstheCoSqueuesizes forqueues0, 1, and3.Queue
1 has a queue buffer size (guaranteed allocatedmemory) of 9192 bytes.
601Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
user@host> show interfaces queuePhysical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 134, SNMP ifIndex: 509Forwarding classes: 8 supported, 8 in useEgress queues: 8 supported, 8 in useQueue: 0, Forwarding classes: class0 Queued: Packets : 0 0 pps Bytes : 0 0 bps Transmitted: Packets : 0 0 pps Bytes : 0 0 bps Tail-dropped packets : 0 0 pps RL-dropped packets : 0 0 pps RL-dropped bytes : 0 0 bps RED-dropped packets : 0 0 pps Low : 0 0 pps Medium-low : 0 0 pps Medium-high : 0 0 pps High : 0 0 pps RED-dropped bytes : 0 0 bps Low : 0 0 bps Medium-low : 0 0 bps Medium-high : 0 0 bps High : 0 0 bps Queue Buffer Usage: Reserved buffer : 118750000 bytes Queue-depth bytes : Current : 0....Queue: 1, Forwarding classes: class1.... Queue Buffer Usage: Reserved buffer : 9192 bytes Queue-depth bytes : Current : 0....Queue: 3, Forwarding classes: class3 Queued:....Queue Buffer Usage: Reserved buffer : 6250000 bytes Queue-depth bytes : Current : 0....
show interfaces redundancy (SRX devices)
user@host> show interfaces redundancyInterface State Last change Primary Secondary Current statusrsp0 Not present sp-1/0/0 sp-0/2/0 both downrsp1 On secondary 1d 23:56 sp-1/2/0 sp-0/3/0 primary downrsp2 On primary 10:10:27 sp-1/3/0 sp-0/2/0 secondary down rlsq0 On primary 00:06:24 lsq-0/3/0 lsq-1/0/0 both up
Copyright © 2018, Juniper Networks, Inc.602
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces redundancy (Aggregated Ethernet SRX devices)
user@host> show interfaces redundancyInterface State Last change Primary Secondary Current statusrlsq0 On secondary 00:56:12 lsq-4/0/0 lsq-3/0/0 both up
ae0 ae1 ae2 ae3 ae4
show interfaces redundancy detail (SRX devices)
user@host> show interfaces redundancy detailInterface : rlsq0 State : On primary Last change : 00:45:47 Primary : lsq-0/2/0 Secondary : lsq-1/2/0 Current status : both up Mode : hot-standby
Interface : rlsq0:0 State : On primary Last change : 00:45:46 Primary : lsq-0/2/0:0 Secondary : lsq-1/2/0:0 Current status : both up Mode : warm-standby
show interfaces routing brief (SRX devices)
user@host> show interfaces routing briefInterface State Addressesso-5/0/3.0 Down ISO enabledso-5/0/2.0 Up MPLS enabled ISO enabled INET 192.168.2.120 INET enabledso-5/0/1.0 Up MPLS enabled ISO enabled INET 192.168.2.130 INET enabledat-1/0/0.3 Up CCC enabledat-1/0/0.2 Up CCC enabledat-1/0/0.0 Up ISO enabled INET 192.168.90.10 INET enabledlo0.0 Up ISO 47.0005.80ff.f800.0000.0108.0001.1921.6800.5061.00 ISO enabled INET 127.0.0.1fxp1.0 Upfxp0.0 Up INET 192.168.6.90
show interfaces routing detail (SRX devices)
user@host> show interfaces routing detailso-5/0/3.0 Index: 15, Refcount: 2, State: Up <Broadcast PointToPoint Multicast> Change:<>
603Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Metric: 0, Up/down transitions: 0, Full-duplex Link layer: HDLC serial line Encapsulation: PPP Bandwidth: 155Mbps ISO address (null) State: <Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytesso-5/0/2.0 Index: 14, Refcount: 7, State: <Up Broadcast PointToPoint Multicast> Change:<>
Metric: 0, Up/down transitions: 0, Full-duplex Link layer: HDLC serial line Encapsulation: PPP Bandwidth: 155Mbps MPLS address (null) State: <Up Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4458 bytes ISO address (null) State: <Up Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes INET address 192.168.2.120 State: <Up Broadcast PointToPoint Multicast Localup> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes Local address: 192.168.2.120 Destination: 192.168.2.110/32 INET address (null) State: <Up Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes...
show interfaces routing-instance all (SRX devices)
user@host> show interfaces terse routing-instance allInterface Admin Link Proto Local Remote Instance at-0/0/1 up up inet 10.0.0.1/24ge-0/0/0.0 up up inet 192.168.4.28/24 sample-a at-0/1/0.0 up up inet6 fe80::a:0:0:4/64 sample-b so-0/0/0.0 up up inet 10.0.0.1/32
show interfaces snmp-index (SRX devices)
user@host> show interfaces snmp-index 33Physical interface: so-2/1/1, Enabled, Physical link is Down Interface index: 149, SNMP ifIndex: 33 Link-level type: PPP, MTU: 4474, Clocking: Internal, SONET mode, Speed: OC48, Loopback: None, FCS: 16, Payload scrambler: Enabled Device flags : Present Running Down Interface flags: Hardware-Down Point-To-Point SNMP-Traps 16384 Link flags : Keepalives CoS queues : 8 supported Last flapped : 2005-06-15 11:45:57 PDT (05:38:43 ago) Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) SONET alarms : LOL, PLL, LOS SONET defects : LOL, PLL, LOF, LOS, SEF, AIS-L, AIS-P
show interfaces source-class all (SRX devices)
user@host> show interfaces source-class allLogical interface so-0/1/0.0 Packets Bytes Source class (packet-per-second) (bits-per-second) gold 1928095 161959980
Copyright © 2018, Juniper Networks, Inc.604
Broadband Subscriber ManagementWholesale Feature Guide
( 889) ( 597762) bronze 0 0 ( 0) ( 0) silver 0 0 ( 0) ( 0) Logical interface so-0/1/3.0 Packets Bytes Source class (packet-per-second) (bits-per-second) gold 0 0 ( 0) ( 0) bronze 0 0 ( 0) ( 0) silver 116113 9753492 ( 939) ( 631616)
show interfaces statistics (Fast Ethernet SRX devices)
user@host> show interfaces fe-1/3/1 statisticsPhysical interface: fe-1/3/1, Enabled, Physical link is Up Interface index: 144, SNMP ifIndex: 1042 Description: ford fe-1/3/1 Link-level type: Ethernet, MTU: 1514, Speed: 100mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 CoS queues : 4 supported, 4 maximum usable queues Current address: 00:90:69:93:04:dc, Hardware address: 00:90:69:93:04:dc Last flapped : 2006-04-18 03:08:59 PDT (00:01:24 ago) Statistics last cleared: Never Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps) Input errors: 0, Output errors: 0 Active alarms : None Active defects : None Logical interface fe-1/3/1.0 (Index 69) (SNMP ifIndex 50) Flags: SNMP-Traps Encapsulation: ENET2 Protocol inet, MTU: 1500 Flags: Is-Primary, DCU, SCU-in Packets Bytes Destination class (packet-per-second) (bits-per-second) silver1 0 0 ( 0) ( 0) silver2 0 0 ( 0) ( 0) silver3 0 0 ( 0) ( 0) Addresses, Flags: Is-Default Is-Preferred Is-Primary Destination: 10.27.245/24, Local: 10.27.245.2, Broadcast: 10.27.245.255 Protocol iso, MTU: 1497 Flags: Is-Primary
show interfaces switch-port (SRX devices)
user@host# show interfaces ge-slot/0/0 switch-port port-numberPort 0, Physical link is Up Speed: 100mbps, Auto-negotiation: Enabled Statistics: Receive Transmit Total bytes 28437086 21792250 Total packets 409145 88008
605Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Unicast packets 9987 83817 Multicast packets 145002 0 Broadcast packets 254156 4191 Multiple collisions 23 10 FIFO/CRC/Align errors 0 0 MAC pause frames 0 0 Oversized frames 0 Runt frames 0 Jabber frames 0 Fragment frames 0 Discarded frames 0 Autonegotiation information: Negotiation status: Complete Link partner: Link mode: Full-duplex, Flow control: None, Remote fault: OK, Link partner Speed: 100 Mbps Local resolution: Flow control: None, Remote fault: Link OK
show interfaces transport pm (SRX devices)
user@host> show interfaces transport pm all current et-0/1/0Physical interface: et-0/1/0, SNMP ifIndex 515 14:45-current Elapse time:900 Seconds Near End Suspect Flag:False Reason:None PM COUNT THRESHOLD TCA-ENABLED TCA-RAISED
OTU-BBE 0 800 No No OTU-ES 0 135 No No OTU-SES 0 90 No No OTU-UAS 427 90 No No Far End Suspect Flag:True Reason:Unknown PM COUNT THRESHOLD TCA-ENABLED TCA-RAISED
OTU-BBE 0 800 No No OTU-ES 0 135 No No OTU-SES 0 90 No No OTU-UAS 0 90 No No Near End Suspect Flag:False Reason:None PM COUNT THRESHOLD TCA-ENABLED TCA-RAISED
ODU-BBE 0 800 No No ODU-ES 0 135 No No ODU-SES 0 90 No No ODU-UAS 427 90 No No Far End Suspect Flag:True Reason:Unknown PM COUNT THRESHOLD TCA-ENABLED TCA-RAISED
ODU-BBE 0 800 No No ODU-ES 0 135 No No ODU-SES 0 90 No No ODU-UAS 0 90 No No FEC Suspect Flag:False Reason:None PM COUNT THRESHOLD TCA-ENABLED TCA-RAISED
FEC-CorrectedErr 2008544300 0 NA NA FEC-UncorrectedWords 0 0 NA NA BER Suspect Flag:False Reason:None PM MIN MAX AVG THRESHOLD TCA-ENABLED TCA-RAISED BER 3.6e-5 5.8e-5 3.6e-5 10.0e-3 No
Copyright © 2018, Juniper Networks, Inc.606
Broadband Subscriber ManagementWholesale Feature Guide
YesPhysical interface: et-0/1/0, SNMP ifIndex 515 14:45-current Suspect Flag:True Reason:Object Disabled PM CURRENT MIN MAX AVG THRESHOLD TCA-ENABLED TCA-RAISED (MIN) (MAX) (MIN) (MAX) (MIN) (MAX) Lane chromatic dispersion 0 0 0 0 0 0 NA NA NA NA Lane differential group delay 0 0 0 0 0 0 NA NA NA NA q Value 120 120 120 120 0 0 NA NA NA NA SNR 28 28 29 28 0 0 NA NA NA NA Tx output power(0.01dBm) -5000 -5000 -5000 -5000 -300 -100 No No No No Rx input power(0.01dBm) -3642 -3665 -3626 -3637 -1800 -500 No No No No Module temperature(Celsius) 46 46 46 46 -5 75 No No No No Tx laser bias current(0.1mA) 0 0 0 0 0 0 NA NA NA NA Rx laser bias current(0.1mA) 1270 1270 1270 1270 0 0 NA NA NA NA Carrier frequency offset(MHz) -186 -186 -186 -186 -5000 5000 No No No No
show security zones (SRX devices)
user@host> show security zonesFunctional zone: management Description: This is the management zone. Policy configurable: No Interfaces bound: 1 Interfaces: ge-0/0/0.0Security zone: Host Description: This is the host zone. Send reset for non-SYN session TCP packets: Off Policy configurable: Yes Interfaces bound: 1 Interfaces: fxp0.0Security zone: abc Description: This is the abc zone. Send reset for non-SYN session TCP packets: Off Policy configurable: Yes Interfaces bound: 1 Interfaces: ge-0/0/1.0Security zone: def Description: This is the def zone. Send reset for non-SYN session TCP packets: Off Policy configurable: Yes Interfaces bound: 1 Interfaces: ge-0/0/2.0
607Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show interfaces (Loopback)
Syntax show interfaces lo0<brief | detail | extensive | terse><descriptions><media><snmp-index snmp-index><statistics>
Release Information Command introduced before Junos OS Release 7.4.
Description Display status information about the local loopback interface.
NOTE: Logical interface lo0.16385 is the loopback interface for the internal
routing instance.Createdby the internal routingserviceprocess, this interfacefacilitates internal traffic. It prevents any filter created on loopback lo0.0
from blocking internal traffic.
Options lo0—Display standard status information about the local loopback interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information.
snmp-index snmp-index—(Optional) Display information for the specified SNMP indexof the interface.
statistics—(Optional) Display static interface statistics.
Required PrivilegeLevel
view
List of Sample Output show interfaces (Loopback) on page 611show interfaces brief (Loopback) on page 612show interfaces detail (Loopback) on page 612show interfaces extensive (Loopback) on page 613
Output Fields Table28onpage608 lists theoutput fields for the showinterfaces (loopback)command.
Output fields are listed in the approximate order in which they appear.
Table 28: Loopback show interfaces Output Fields
Level of OutputField DescriptionField Name
Physical Interface
Copyright © 2018, Juniper Networks, Inc.608
Broadband Subscriber ManagementWholesale Feature Guide
Table 28: Loopback show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
All levelsName of the physical interface.Physical Interface
All levelsState of the interface. Possible values are described in the “Enabled Field”section under Common Output Fields Description.
Enabled
detail extensive nonePhysical interface index number, which reflects its initialization sequence.Interface index
detail extensive noneSNMP index number for the physical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsType of interface.Type
All levelsEncapsulation type used on the physical interface.Link-level type
All levelsSize of the largest packet to be transmitted.MTU
All levelsReference clock source of the interface.Clocking
All levelsNetwork speed on the interface.Speed
All levelsInformation about the physical device. Possible values are described in the“Device Flags” section under Common Output Fields Description.
Device flags
All levelsInformation about the interface. Possible values are described in the “InterfaceFlags” section under Common Output Fields Description.
Interface flags
detail extensiveData transmission type.Link type
detail extensive noneInformation about the link. Possible values are described in the “Link Flags”section under Common Output Fields Description.
Link flags
detail extensiveInformation about the physical interface.Physical info
detail extensiveCurrent interface hold-time up and hold-time down. Value is in milliseconds.Hold-times
detail extensiveConfigured MAC address.Current address
detail extensiveMedia access control (MAC) address of the interface.Hardware address
detail extensiveBackup link address.Alternate linkaddress
detail extensiveDate, time, and how long ago the interface went from down to up. The formatisLast flapped:year-month-dayhour:minute:secondtimezone (hour:minute:secondago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Last flapped
609Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 28: Loopback show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveTime when the statistics for the interface were last set to zero.Statistics lastcleared
detail extensiveNumber and rate of bytes andpackets receivedand transmittedon thephysicalinterface.
• Input bytes, Output bytes—Number of bytes received and transmitted on theinterface.
• Input packets, Output packets—Number of packets received and transmittedon the interface.
Traffic statistics
extensive• Errors—Input errors on the interface.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC.
• Framing errors—Number of packets receivedwith an invalid frame checksum(FCS).
• Runts—Frames received smaller than the runt threshold.
• Giants—Frames received larger than the giant threshold.
• Policed Discards—Frames that the incoming packet match code discardedbecause the frameswere not recognized or were not of interest. Usually, thisfield reports protocols that Junos does not support.
• Resource errors—Sum of transmit drops.
Input errors
extensive• Carrier transitions—Number of times the interface has gone from down to up.This number does not normally increment quickly, increasing only when thecable is unplugged, the far-end system is powered down and then up, oranotherproblemoccurs. If thenumberofcarrier transitions incrementsquickly,possibly onceevery 10seconds, thecable, the remote system,or the interfaceis malfunctioning.
• Errors—Sum of outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC. If the interface is saturated, this number increments once for everypacket dropped by the ASIC REDmechanism.
• MTU errors—Number of packets larger than the MTU threshold.
• Resource errors—Sum of transmit drops.
Output errors
Logical Interface
All levelsName of the logical interface.Logical interface
detail extensiveLogical interface index number, which reflects its initialization sequence.Index
detail extensiveLogical interface SNMP interface index number.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
brief detail extensiveInformation about the logical interface; values are described in the “LogicalInterface Flags” section under Common Output Fields Description.
Flags
brief detail extensiveEncapsulation on the logical interface.Encapsulation
Copyright © 2018, Juniper Networks, Inc.610
Broadband Subscriber ManagementWholesale Feature Guide
Table 28: Loopback show interfaces Output Fields (continued)
Level of OutputField DescriptionField Name
None specifiedNumber of packets received on the logical interface.Input packets
None specifiedNumber of packets transmitted on the logical interface.Output packets
detail extensiveTotal number of bytes and packets received and transmitted on the logicalinterface. These statistics are the sum of the local and transit statistics. Whenaburst of traffic is received, the value in theoutputpacket rate fieldmightbrieflyexceed the peak cell rate. It takes awhile (generally, less than 1 second) for thiscounter to stabilize.
Traffic statistics
detail extensiveStatistics for traffic received fromand transmitted to the Routing Engine.Whenaburst of traffic is received, the value in theoutputpacket rate fieldmightbrieflyexceed the peak cell rate. It takes awhile (generally, less than 1 second) for thiscounter to stabilize.
Local statistics
detail extensive noneProtocol family configured on the logical interface (such as iso or inet6).Protocol
detail extensive noneMTU size on the logical interface.MTU
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensiveRoute table in which this address exists; for example, Route table:0 refers toinet.0.
Route Table
detail extensive noneInformation about the protocol family flags. Possible values are described inthe “Family Flags” section under Common Output Fields Description.
Flags
detail extensiveInformation about the address flags. Possible values are described in the“Addresses Flags” section under Common Output Fields Description.
Addresses, Flags
detail extensive noneIP address of the remote side of the connection.Destination
detail extensive noneIP address of the logical interface.Local
detail extensive noneBroadcast address on the logical interface.Broadcast
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
Sample Output
show interfaces (Loopback)
user@host> show interfaces lo0Physical interface: lo0, Enabled, Physical link is Up Interface index: 6, SNMP ifIndex: 6 Type: Loopback, MTU: Unlimited Device flags : Present Running Loopback Interface flags: SNMP-Traps Link flags : None
611Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Last flapped : Never Input packets : 0 Output packets: 0
Logical interface lo0.0 (Index 64) (SNMP ifIndex 16) Flags: SNMP-Traps Encapsulation: Unspecified Input packets : 0 Output packets: 0 Protocol inet, MTU: Unlimited Flags: None Addresses, Flags: Is-Default Is-Primary Local: 203.0.113.1 Addresses Local: 127.0.0.1 Protocol iso, MTU: Unlimited Flags: None Addresses, Flags: Is-Default Is-Primary Local: 49.0004.1000.0000.0001
Logical interface lo0.16385 (Index 65) (SNMP ifIndex 76) Flags: SNMP-Traps Encapsulation: Unspecified Input packets : 0 Output packets: 0 Protocol inet, MTU: Unlimited Flags: None
show interfaces brief (Loopback)
user@host> show interfaces lo0 briefPhysical interface: lo0, Enabled, Physical link is Up Type: Loopback, Link-level type: Unspecified, MTU: Unlimited, Clocking: Unspecified, Speed: Unspecified Device flags : Present Running Loopback Interface flags: SNMP-Traps
Logical interface lo0.0 Flags: SNMP-Traps Encapsulation: Unspecified inet 203.0.113.1 --> 0/0 127.0.0.1 --> 0/0 iso 49.0004.1000.0000.0001
Logical interface lo0.16385 Flags: SNMP-Traps Encapsulation: Unspecified inet
show interfaces detail (Loopback)
user@host> show interfaces lo0 detailPhysical interface: lo0, Enabled, Physical link is Up Interface index: 6, SNMP ifIndex: 6, Generation: 4 Type: Loopback, Link-level type: Unspecified, MTU: Unlimited, Clocking: Unspecified, Speed: Unspecified Device flags : Present Running Loopback Interface flags: SNMP-Traps Link type : Unspecified Link flags : None Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unspecified Alternate link address: Unspecified
Copyright © 2018, Juniper Networks, Inc.612
Broadband Subscriber ManagementWholesale Feature Guide
Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Logical interface lo0.0 (Index 64) (SNMP ifIndex 16) (Generation 3) Flags: SNMP-Traps Encapsulation: Unspecified Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0
Protocol inet, MTU: Unlimited, Generation: 10, Route table: 0 Flags: None Addresses, Flags: Is-Default Is-Primary Destination: Unspecified, Local: 203.0.113.1, Broadcast: Unspecified, Generation: 10 Addresses, Flags: None Destination: Unspecified, Local: 127.0.0.1, Broadcast: Unspecified, Generation: 12 Protocol iso, MTU: Unlimited, Generation: 11, Route table: 0 Flags: None Addresses, Flags: Is-Default Is-Primary Destination: Unspecified, Local: 49.0004.1000.0000.0001, Broadcast: Unspecified, Generation: 14
Logical interface lo0.16385 (Index 65) (SNMP ifIndex 76) (Generation 4) Flags: SNMP-Traps Encapsulation: Unspecified Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: Unlimited, Generation: 12, Route table: 1 Flags: None
show interfaces extensive (Loopback)
user@host> show interfaces lo0 extensivePhysical interface: lo0, Enabled, Physical link is Up Interface index: 6, SNMP ifIndex: 6, Generation: 4 Type: Loopback, Link-level type: Unspecified, MTU: Unlimited, Clocking: Unspecified, Speed: Unspecified Device flags : Present Running Loopback Interface flags: SNMP-Traps Link type : Unspecified Link flags : None
613Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unspecified Alternate link address: Unspecified Last flapped : Never Statistics last cleared: Never Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0
Logical interface lo0.0 (Index 64) (SNMP ifIndex 16) (Generation 3) Flags: SNMP-Traps Encapsulation: Unspecified Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: Unlimited, Generation: 10, Route table: 0 Flags: None Addresses, Flags: Is-Default Is-Primary Destination: Unspecified, Local: 203.0.113.1, Broadcast: Unspecified, Generation: 10 Addresses, Flags: None Destination: Unspecified, Local: 127.0.0.1, Broadcast: Unspecified, Generation: 12 Protocol iso, MTU: Unlimited, Generation: 11, Route table: 0 Flags: None Addresses, Flags: Is-Default Is-Primary Destination: Unspecified, Local: 49.0004.1000.0000.0001, Broadcast: Unspecified, Generation: 14
Logical interface lo0.16385 (Index 65) (SNMP ifIndex 76) (Generation 4) Flags: SNMP-Traps Encapsulation: Unspecified Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: Unlimited, Generation: 12, Route table: 1 Flags: None
Copyright © 2018, Juniper Networks, Inc.614
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces (PPPoE)
Syntax show interfaces pp0.logical<brief | detail | extensive | terse><descriptions><media><snmp-index snmp-index><statistics>
Release Information Command introduced before Junos OS Release 7.4.
Description (M120 routers, M320 routers, and MX Series routers only). Display status information
about the PPPoE interface.
Options pp0.logical—Display standard status information about the PPPoE interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about PPPoE interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP indexof the interface.
statistics—(Optional) Display PPPoE interface statistics.
Required PrivilegeLevel
view
List of Sample Output show interfaces (PPPoE) on page 621show interfaces (PPPoE over Aggregated Ethernet) on page 621show interfaces brief (PPPoE) on page 622show interfaces detail (PPPoE) on page 622show interfaces extensive (PPPoE onM120 andM320 Routers) on page 623
Output Fields Table 29 on page 615 lists the output fields for the show interfaces (PPPoE) command.
Output fields are listed in the approximate order in which they appear.
Table 29: show interfaces (PPPoE) Output Fields
Level of OutputField DescriptionField Name
Physical Interface
All levelsName of the physical interface.Physical interface
All levelsState of the interface. Possible values are described in the “Enabled Field”section under Common Output Fields Description.
Enabled
detail extensive nonePhysical interface index number, which reflects its initialization sequence.Interface index
615Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 29: show interfaces (PPPoE) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneSNMP index number for the physical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsPhysical interface type (PPPoE).Type
All levelsEncapsulation on the physical interface (PPPoE).Link-level type
All levelsMTU size on the physical interface.MTU
All levelsReference clock source. It can be Internal or External.Clocking
All levelsSpeed at which the interface is running.Speed
All levelsInformation about the physical device. Possible values are described in the“Device Flags” section under Common Output Fields Description.
Device flags
All levelsInformation about the interface. Possible values are described in the “InterfaceFlags” section under Common Output Fields Description.
Interface flags
All levelsPhysical interface link type: full duplex or half duplex.Link type
All levelsInformationabout the interface. Possible valuesaredescribed in the “Link Flags”section under Common Output Fields Description.
Link flags
None specifiedInput rate in bits per second (bps) and packets per second (pps).Input rate
None specifiedOutput rate in bps and pps.Output rate
All levelsPhysical interface information.Physical Info
detail extensiveCurrent interface hold-time up and hold-time down, in milliseconds.Hold-times
detail extensiveConfigured MAC address.Current address
detail extensiveMAC address of the hardware.Hardware address
detail extensiveBackup address of the link.Alternate linkaddress
detail extensiveTime when the statistics for the interface were last set to zero.Statistics lastcleared
Copyright © 2018, Juniper Networks, Inc.616
Broadband Subscriber ManagementWholesale Feature Guide
Table 29: show interfaces (PPPoE) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveNumber and rate of bytes andpackets receivedand transmittedon thephysicalinterface.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Traffic statistics
detail extensiveNumber of IPv6 transit bytes and packets received and transmitted on thephysical interface if IPv6 statistics tracking is enabled.
NOTE: These fields includedropped traffic andexception traffic, as those fieldsare not separately defined.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
IPv6 transitstatistics
extensiveInput errors on the interface:
• Errors—Sum of incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O ManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• Framing errors—Number of packets receivedwith an invalid frame checksum(FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Giants—Number of frames received that are larger than the giant threshold.
• Policed discards—Number of frames that the incoming packet match codediscarded because they were not recognized or not of interest. Usually, thisfield reports protocols that the Junos OS does not handle.
• Resource errors—Sum of B chip Tx drops and IXP Tx net transmit drops.
Input errors
extensiveOutput errors on the interface. The following paragraphs explain the counterswhosemeaning might not be obvious:
• Carrier transitions—Number of times the interface has gone from down to up.This number does not normally increment quickly, increasing only when thecable is unplugged, the far-end system is powered down and then up, oranotherproblemoccurs. If thenumberof carrier transitions incrementsquickly(perhaps once every 10 seconds), then the cable, the far-end system, or thePIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• MTUerrors—NumberofpacketswhosesizeexceededtheMTUof the interface.
• Resource errors—Sum of B chip Tx drops and IXP Tx net transmit drops.
Output errors
Logical Interface
617Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 29: show interfaces (PPPoE) Output Fields (continued)
Level of OutputField DescriptionField Name
All levelsName of the logical interface.Logical interface
detail extensive noneLogical interface index number (which reflects its initialization sequence).Index
detail extensive noneLogical interface SNMP interface index number.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
All levelsInformation about the logical interface. Possible values are described in the“Logical Interface Flags” section under Common Output Fields Description.
Flags
All levelsType of encapsulation configured on the logical interface.Encapsulation
detailPPP status:
• LCP restart timer—Length of time (inmilliseconds) between successive LinkControl Protocol (LCP) configuration requests.
• NCP restart timer—Length of time (in milliseconds) between successiveNetwork Control Protocol (NCP) configuration requests.
PPP parameters
All levelsPPPoE status:
• State—State of the logical interface (up or down).
• Session ID—PPPoE session ID.
• Service name—Type of service required. Can be used to indicate an Internetservice provider (ISP) name or a class or quality of service.
• Configured AC name—Configured access concentrator name.
• Auto-reconnect timeout—Time after which to try to reconnect after a PPPoEsession is terminated, in seconds.
• IdleTimeout—Lengthof time(in seconds) thataconnectioncanbe idlebeforedisconnecting.
• Underlying interface—Interface on which PPPoE is running.
PPPoE
All levelsName of the physical interfaces for member links in an aggregated Ethernetbundle for a PPPoE over aggregated Ethernet configuration. PPPoE traffic goesout on these interfaces.
Link
detail extensiveTotal number of bytes and packets received and transmitted on the logicalinterface. These statistics are the sum of the local and transit statistics. Whenaburst of traffic is received, the value in theoutputpacket rate fieldmightbrieflyexceed the peak cell rate. This counter usually takes less than 1 second tostabilize.
Traffic statistics
Copyright © 2018, Juniper Networks, Inc.618
Broadband Subscriber ManagementWholesale Feature Guide
Table 29: show interfaces (PPPoE) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveNumber of IPv6 transit bytes and packets received and transmitted on thelogical interface if IPv6 statistics tracking is enabled.
NOTE: Thepacket andbyte counts in these fields include traffic that is droppedand does not leave the router.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
IPv6 transitstatistics
detail extensiveStatistics for traffic received fromand transmitted to the Routing Engine.Whenaburst of traffic is received, the value in theoutputpacket rate fieldmightbrieflyexceed the peak cell rate. This counter usually takes less than 1 second tostabilize.
Local statistics
detail extensiveStatistics for traffic transiting the router. When a burst of traffic is received, thevalue in the output packet rate fieldmight briefly exceed the peak cell rate. Thiscounter usually takes less than 1 second to stabilize.
NOTE: Thepacket andbyte counts in these fields include traffic that is droppedand does not leave the router.
Transit statistics
detail extensive(PPP and HDLC) Configured settings for keepalives.
• intervalseconds—The time in secondsbetweensuccessive keepalive requests.The range is 10 seconds through 32,767 seconds,with adefault of 10 seconds.
• down-countnumber—The number of keepalive packets a destination mustfail to receive before the network takes a link down. The range is 1 through255, with a default of 3.
• up-countnumber—Thenumberofkeepalivepacketsadestinationmust receiveto change a link’s status from down to up. The range is 1 through 255, with adefault of 1.
Keepalive settings
detail extensive(PPP and HDLC) Information about keepalive packets.
• Input—Number of keepalive packets received by PPP.
• (last seen 00:00:00 ago)—Time the last keepalive packet was received,in the format hh:mm:ss.
• Output—Number of keepalive packets sent byPPPandhow longago the lastkeepalive packets were sent and received.
• (last seen 00:00:00 ago)—Time the last keepalive packet was sent, in theformat hh:mm:ss.
(MXSeries routerswithMPCs/MICs)WhenanMXSeries routerwithMPCs/MICsis using PPP fast keepalive for a PPP link, the display does not include thenumber of keepalive packets received or sent, or the amount of time since therouter received or sent the last keepalive packet.
Keepalive statistics
None specifiedNumber of packets received on the logical interface.Input packets
None specifiedNumber of packets transmitted on the logical interface.Output packets
619Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 29: show interfaces (PPPoE) Output Fields (continued)
Level of OutputField DescriptionField Name
none detail extensive(PPP) Link Control Protocol state.
• Conf-ack-received—Acknowledgement was received.
• Conf-ack-sent—Acknowledgement was sent.
• Conf-req-sent—Request was sent.
• Down—LCP negotiation is incomplete (not yet completed or has failed).
• Not-configured—LCP is not configured on the interface.
• Opened—LCP negotiation is successful.
LCP state
detail extensive none(PPP) Network Control Protocol state.
• Conf-ack-received—Acknowledgement was received.
• Conf-ack-sent—Acknowledgement was sent.
• Conf-req-sent—Request was sent.
• Down—NCP negotiation is incomplete (not yet completed or has failed).
• Not-configured—NCP is not configured on the interface.
• Opened—NCP negotiation is successful.
NCP state
none detail extensive(PPP) Displays the state of the Challenge Handshake Authentication Protocol(CHAP) during its transaction.
• Chap-Chal-received—Challenge was received but response not yet sent.
• Chap-Chal-sent—Challenge was sent.
• Chap-Resp-received—Response was received for the challenge sent, butCHAP has not yet moved into the Success state. (Most likely with RADIUSauthentication.)
• Chap-Resp-sent—Response was sent for the challenge received.
• Closed—CHAP authentication is incomplete.
• Failure—CHAP authentication failed.
• Not-configured—CHAP is not configured on the interface.
• Success—CHAP authentication was successful.
CHAP state
detail extensive noneProtocol family configured on the logical interface.Protocol
briefProtocol family configured on the logical interface. If the protocol is inet, the IPaddress of the interface is also displayed.
protocol-family
detail extensive noneMTU size on the logical interface.MTU
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensive noneRouting table in which the logical interface address is located. For example, 0refers to the routing table inet.0.
Route table
detail extensive noneInformation about the protocol family flags. Possible values are described inthe “Family Flags” section under Common Output Fields Description.
Flags
Copyright © 2018, Juniper Networks, Inc.620
Broadband Subscriber ManagementWholesale Feature Guide
Table 29: show interfaces (PPPoE) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneInformation about the addresses configured for the protocol family. Possiblevalues are described in the “Addresses Flags” section under Common OutputFields Description.
Addresses, Flags
detail extensive noneIP address of the remote side of the connection.Destination
detail extensive noneIP address of the logical interface.Local
detail extensive noneBroadcast address.Broadcast
Sample Output
show interfaces (PPPoE)
user@host> show interfaces pp0Physical interface: pp0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 24 Type: PPPoE, Link-level type: PPPoE, MTU: 1532 Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Link type : Full-Duplex Link flags : None Input rate : 0 bps (0 pps) Output rate : 0 bps (0 pps)
Logical interface pp0.0 (Index 72) (SNMP ifIndex 72) Flags: Hardware-Down Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPPoE PPPoE: State: SessionDown, Session ID: None, Service name: None, Configured AC name: sapphire, Auto-reconnect timeout: 100 seconds, Idle timeout: Never, Underlying interface: at-5/0/0.0 (Index 70) Input packets : 0 Output packets: 0 LCP state: Not-configured NCP state: inet: Not-configured, inet6: Not-configured, iso: Not-configured, mpls: Not-configured CHAP state: Closed Protocol inet, MTU: 100 Flags: User-MTU, Negotiate-Address
show interfaces (PPPoE over Aggregated Ethernet)
user@host> show interfaces pp0.1073773821Logical interface pp0.1073773821 (Index 80) (SNMP ifIndex 32584) Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPPoE PPPoE: State: SessionUp, Session ID: 1, Session AC name: alcor, Remote MAC address: 00:00:5e:00:53:01, Underlying interface: demux0.100 (Index 88) Link: ge-1/0/0.32767 ge-1/0/1.32767
621Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Input packets : 6 Output packets: 6 LCP state: Opened NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured CHAP state: Closed PAP state: Success Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re Addresses, Flags: Is-Primary Local: 203.0.113.1
show interfaces brief (PPPoE)
user@host> show interfaces pp0 briefPhysical interface: pp0, Enabled, Physical link is Up Type: PPPoE, Link-level type: PPPoE, MTU: 1532, Speed: Unspecified Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps
Logical interface pp0.0 Flags: Hardware-Down Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPPoE PPPoE: State: SessionDown, Session ID: None, Service name: None, Configured AC name: sapphire, Auto-reconnect timeout: 100 seconds, Idle timeout: Never, Underlying interface: at-5/0/0.0 (Index 70) inet
show interfaces detail (PPPoE)
user@host> show interfaces pp0 detailPhysical interface: pp0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 24, Generation: 9 Type: PPPoE, Link-level type: PPPoE, MTU: 1532, Speed: Unspecified Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Link type : Full-Duplex Link flags : None Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unspecified Alternate link address: Unspecified Statistics last cleared: Never Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps Logical interface pp0.0 (Index 72) (SNMP ifIndex 72) (Generation 14) Flags: Hardware-Down Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPPoE PPPoE: State: SessionDown, Session ID: None, Service name: None, Configured AC name: sapphire, Auto-reconnect timeout: 100 seconds, Idle timeout: Never, Underlying interface: at-5/0/0.0 (Index 70) Traffic statistics: Input bytes : 0 Output bytes : 0 Input packets: 0
Copyright © 2018, Juniper Networks, Inc.622
Broadband Subscriber ManagementWholesale Feature Guide
Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps LCP state: Not-configured NCP state: inet: Not-configured, inet6: Not-configured, iso: Not-configured, mpls: Not-configured CHAP state: Closed Protocol inet, MTU: 100, Generation: 14, Route table: 0 Flags: User-MTU, Negotiate-Address
show interfaces extensive (PPPoE onM120 andM320 Routers)
user@host> show interfaces pp0 extensivePhysical interface: pp0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 93, Generation: 129 Type: PPPoE, Link-level type: PPPoE, MTU: 1532, Speed: Unspecified Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Link type : Full-Duplex Link flags : None Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unspecified Alternate link address: Unspecified Statistics last cleared: Never Traffic statistics: Input bytes : 972192 0 bps Output bytes : 975010 0 bps Input packets: 1338 0 pps Output packets: 1473 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0
Logical interface pp0.0 (Index 69) (SNMP ifIndex 96) (Generation 194) Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPPoE PPPoE: State: SessionUp, Session ID: 26, Session AC name: None, AC MAC address: 00:00:5e:00:53:12, Service name: None, Configured AC name: None, Auto-reconnect timeout: Never, Idle timeout: Never, Underlying interface: ge-3/0/1.0 (Index 67) Traffic statistics: Input bytes : 252
623Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Output bytes : 296 Input packets: 7 Output packets: 8 IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 252 Output bytes : 296 Input packets: 7 Output packets: 8 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Keepalive settings: Interval 10 seconds, Up-count 1, Down-count 3 Keepalive statistics: Input : 1 (last seen 00:00:00 ago) Output: 1 (last sent 00:00:03 ago) LCP state: Opened NCP state: inet: Opened, inet6: Not-configured, iso: Not-configured, mpls: Not-configured CHAP state: Closed PAP state: Closed Protocol inet, MTU: 1492, Generation: 171, Route table: 0 Flags: None Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113.2, Local: 203.0.113.1, Broadcast: Unspecified, Generation: 206
Copyright © 2018, Juniper Networks, Inc.624
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces demux0 (Demux Interfaces)
Syntax show interfaces demux0.logical-interface-number<brief | detail | extensive | terse><descriptions><media><snmp-index snmp-index><statistics>
Release Information Command introduced in Junos OS Release 9.0.
Description (MX Series and M Series routers only) Display status information about the specified
demux interface.
Options none—Display standard information about the specified demux interface.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
descriptions—(Optional) Display interface description strings.
media—(Optional) Display media-specific information about network interfaces.
snmp-index snmp-index—(Optional) Display information for the specified SNMP indexof the interface.
statistics—(Optional) Display static interface statistics.
Required PrivilegeLevel
view
RelatedDocumentation
Verifying and Managing Agent Circuit Identifier-Based Dynamic VLAN Configuration•
List of Sample Output show interfaces demux0 (Demux) on page 631show interfaces demux0 (PPPoE over Aggregated Ethernet) on page 632show interfaces demux0 extensive (Targeted Distribution for Aggregated EthernetLinks) on page 633show interfaces demux0 (ACI Interface Set Configured) on page 633
Output Fields Table 30 on page 625 lists the output fields for the show interfaces demux0 (Demux
Interfaces) command. Output fields are listed in the approximate order in which they
appear.
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields
Level of OutputField DescriptionField Name
Physical Interface
625Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields (continued)
Level of OutputField DescriptionField Name
brief detail extensivenone
Name of the physical interface.Physical interface
brief detail extensivenone
Indexnumber of thephysical interface,which reflects its initialization sequence.Interface index
brief detail extensivenone
State of the interface. Possible values are described in the “Enabled Field”section under Common Output Fields Description.
Enabled
detail extensive noneStatus of the physical link (Up or Down).Physical link
terseAdministrative state of the interface (Up or Down).Admin
detail extensive noneIndexnumber of thephysical interface,which reflects its initialization sequence.Interface index
terseStatus of the physical link (Up or Down).Link
extensiveStatusofaggregatedEthernet links thatareconfiguredwith targeteddistribution(primary or backup)
Targeting summary
extensiveBandwidth allocated to the aggregated Ethernet links that are configured withtargeted distribution.
Bandwidth
terseProtocol family configured on the interface.Proto
detail extensive noneSNMP index number for the physical interface.SNMP ifIndex
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
brief detail extensivenone
Type of interface. Software-Pseudo indicates a standard software interfacewith no associated hardware device.
Type
brief detail extensiveEncapsulation being used on the physical interface.Link-level type
brief detail extensiveMaximum transmission unit size on the physical interface.MTU
brief detail extensiveReference clock source: Internal (1) or External (2).Clocking
brief detail extensiveSpeed at which the interface is running.Speed
brief detail extensivenone
Information about the physical device. Possible values are described in the“Device Flags” section under Common Output Fields Description.
Device flags
brief detail extensivenone
Information about the interface. Possible values are described in the “InterfaceFlags” section under Common Output Fields Description.
Interface flags
detail extensive noneData transmission type.Link type
Copyright © 2018, Juniper Networks, Inc.626
Broadband Subscriber ManagementWholesale Feature Guide
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive noneInformation about the link. Possible values are described in the “Link Flags”section under Common Output Fields Description.
Link flags
detail extensiveInformation about the physical interface.Physical info
detail extensiveCurrent interface hold-time up and hold-time down, in milliseconds.Hold-times
detail extensiveConfigured MAC address.Current address
detail extensiveHardware MAC address.Hardware address
detail extensiveBackup address of the link.Alternate linkaddress
detail extensive noneDate, time, and how long ago the interface went from down to up. The formatisLast flapped:year-month-dayhour:minute:second:timezone (hour:minute:secondago). For example, Last flapped: 2002-04-26 10:52:40 PDT (04:33:20 ago).
Last flapped
detail extensiveTime when the statistics for the interface were last set to zero.Statistics lastcleared
detail extensiveNumber and rate of bytes andpackets receivedand transmittedon thephysicalinterface.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
• IPv6 transit statistics—Number of IPv6 transit bytes and packets receivedand transmittedon thephysical interface if IPv6statistics tracking is enabled.
NOTE: These fields include dropped traffic and exception traffic, as thosefields are not separately defined.
• Input bytes—Number of bytes received on the interface
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Traffic statistics
627Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields (continued)
Level of OutputField DescriptionField Name
extensiveInput errors on the interface whose definitions are as follows:
• Errors—Sum of the incoming frame aborts and FCS errors.
• Drops—Number of packets dropped by the input queue of the I/O ManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• Framing errors—Number of packets receivedwith an invalid frame checksum(FCS).
• Runts—Number of frames received that are smaller than the runt threshold.
• Giants—Number of frames received that are larger than the giant packetthreshold.
• Policed discards—Number of frames that the incoming packet match codediscarded because they were not recognized or not of interest. Usually, thisfield reports protocols that the Junos OS does not handle.
• Resource errors—Sum of transmit drops.
Input errors
noneInput rate in bits per second (bps) and packets per second (pps).Input Rate
extensiveOutput errors on the interface. The following paragraphs explain the counterswhosemeaning might not be obvious:
• Carrier transitions—Number of times the interface has gone from down to up.This number does not normally increment quickly, increasing only when thecable is unplugged, the far-end system is powered down and then up, oranotherproblemoccurs. If thenumberof carrier transitions incrementsquickly(perhaps once every 10 seconds), the cable, the far-end system, or the PICor PIM is malfunctioning.
• Errors—Sum of the outgoing frame aborts and FCS errors.
• Drops—Number of packets dropped by the output queue of the I/OManagerASIC. If the interface is saturated, this number increments once for everypacket that is dropped by the ASIC's REDmechanism.
• MTUerrors—NumberofpacketswhosesizeexceededtheMTUof the interface.
• Resource errors—Sum of transmit drops.
Output errors
noneOutput rate in bps and pps.Output Rate
Logical Interface
brief detail extensivenone
Name of the logical interface.Logical interface
detail extensive noneIndex number of the logical interface, which reflects its initialization sequence.Index
detail extensive noneSNMP interface index number for the logical interface.SNMP ifIndex
detailUnique number for use by Juniper Networks technical support only.Generation
brief detail extensivenone
Information about the logical interface. Possible values are described in the“Logical Interface Flags” section under Common Output Fields Description.
Flags
brief extensive noneEncapsulation on the logical interface.Encapsulation
Copyright © 2018, Juniper Networks, Inc.628
Broadband Subscriber ManagementWholesale Feature Guide
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields (continued)
Level of OutputField DescriptionField Name
brief detail extensivenone
Name of the dynamic profile that defines the agent circuit identifier (ACI)interface set. If configured, the ACI interface set enables the underlying demuxinterface to create dynamic VLAN subscriber interfaces based on ACIinformation.
ACIVLAN:DynamicProfile
detail extensive noneSpecific IP demultiplexing (demux) values:
• Underlying interface—Theunderlying interface that the demux interface uses.
• Index—Index number of the logical interface.
• Family—Protocol family configured on the logical interface.
• Source prefixes, total—Total number of source prefixes for the underlyinginterface.
• Destination prefixes, total—Total number of destination prefixes for theunderlying interface.
• Prefix—inet family prefix.
Demux
briefProtocol family configured on the logical interface.protocol-family
detail extensiveNumberand rateofbytesandpackets receivedand transmittedon the specifiedinterface set.
• Input bytes, Output bytes—Number of bytes received and transmitted on theinterface set.
• Input packets, Output packets—Number of packets received and transmittedon the interface set.
• IPv6 transit statistics—Number of IPv6 transit bytes and packets receivedand transmitted on the logical interface if IPv6 statistics tracking is enabled.
NOTE: The packet and byte counts in these fields include traffic that isdropped and does not leave the router.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Traffic statistics
detail extensiveNumber of transit bytes and packets received and transmitted on the localinterface.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Local statistics
629Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensiveNumber and rate of bytes and packets transiting the switch.
NOTE: Thepacket andbyte counts in these fields include traffic that is droppedand does not leave the router.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
Transit statistics
detail extensiveNumber of IPv6 transit bytes and packets received and transmitted on thelogical interface if IPv6 statistics tracking is enabled.
NOTE: Thepacket andbyte counts in these fields include traffic that is droppedand does not leave the router.
• Input bytes—Number of bytes received on the interface.
• Output bytes—Number of bytes transmitted on the interface.
• Input packets—Number of packets received on the interface.
• Output packets—Number of packets transmitted on the interface.
IPv6 Transitstatistics
noneNumber of packets received on the interface.Input packets
noneNumber of packets transmitted on the interface.Output packets
detail extensive noneProtocol family. Possible values are described in the “Protocol Field” sectionunder Common Output Fields Description.
Protocol
detail extensive noneMaximum transmission unit size on the logical interface.MTU
detail extensive noneMaximum number of MPLS labels configured for the MPLS protocol family onthe logical interface.
Maximum labels
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensiveRoute table in which the logical interface address is located. For example, 0refers to the routing table inet.0.
Route table
detail extensive noneInformation about protocol family flags. Possible values are described in the“Family Flags” section under Common Output Fields Description.
Flags
detail extensive noneNumber of MAC address validation failures for packets and bytes. This field isdisplayed when MAC address validation is enabled for the logical interface.
Mac-ValidateFailures
detail extensive noneInformation about the address flags. Possible values are described in the“Addresses Flags” section under Common Output Fields Description.
Addresses, Flags
detail extensivestatistics none
IP address of the remote side of the connection.Destination
Copyright © 2018, Juniper Networks, Inc.630
Broadband Subscriber ManagementWholesale Feature Guide
Table 30: show interfaces demux0 (Demux Interfaces) Output Fields (continued)
Level of OutputField DescriptionField Name
detail extensive tersenone
IP address of the logical interface.Local
terseIP address of the remote interface.Remote
detail extensive noneBroadcast address of the logical interlace.Broadcast
detail extensiveUnique number for use by Juniper Networks technical support only.Generation
detail extensive noneName of the physical interfaces for member links in an aggregated Ethernetbundle for a PPPoE over aggregated Ethernet configuration. PPPoE traffic goesout on these interfaces.
Link
detail extensive noneName of the PPPoE dynamic profile assigned to the underlying interface.Dynamic-profile
detail extensive noneName of the PPPoE service name table assigned to the PPPoE underlyinginterface.
ServiceNameTable
detail extensive noneMaximum number of dynamic PPPoE logical interfaces that the router canactivate on the underlying interface.
Max Sessions
detail extensive noneState of duplicate protection:On orOff. Duplicate protection prevents theactivation of another dynamic PPPoE logical interface on the same underlyinginterface when a dynamic PPPoE logical interface for a client with the sameMAC address is already active on that interface.
DuplicateProtection
detail extensive noneStateof theconfiguration to ignoreDSLForumVSAs:OnorOff.Whenconfigured,the router ignores any of these VSAs received from a directly connected CPEdevice on the interface.
Direct Connect
detail extensive noneName of the access concentrator.ACName
Sample Output
show interfaces demux0 (Demux)
user@host> show interfaces demux0Physical interface: demux0, Enabled, Physical link is Up Interface index: 128, SNMP ifIndex: 79, Generation: 129 Type: Software-Pseudo, Link-level type: Unspecified, MTU: 9192, Clocking: 1, Speed: Unspecified Device flags : Present Running Interface flags: Point-To-Point SNMP-Traps Link type : Full-Duplex Link flags : None Physical info : Unspecified Hold-times : Up 0 ms, Down 0 ms Current address: Unspecified, Hardware address: Unspecified Alternate link address: Unspecified Last flapped : Never Statistics last cleared: Never
631Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Traffic statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Input errors: Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0 Output errors: Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0
Logical interface demux0.0 (Index 87) (SNMP ifIndex 84) (Generation 312) Flags: SNMP-Traps 0x4000 Encapsulation: ENET2 Demux: Underlying interface: ge-2/0/1.0 (Index 74) Family Inet Source prefixes, total 1 Prefix: 203.0.113/24 Traffic statistics: Input bytes : 0 Output bytes : 1554 Input packets: 0 Output packets: 37 IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 1554 Input packets: 0 Output packets: 37 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: 1500, Generation: 395, Route table: 0 Flags: Is-Primary, Mac-Validate-Strict Mac-Validate Failures: Packets: 0, Bytes: 0 Addresses, Flags: Is-Preferred Is-Primary Destination: 203.0.113/24, Local: 203.0.113.13, Broadcast: 203.0.113.255,
Generation: 434
show interfaces demux0 (PPPoE over Aggregated Ethernet)
user@host> show interfaces demux0.100Logical interface demux0.100 (Index 76) (SNMP ifIndex 61160) Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.100 ]
Copyright © 2018, Juniper Networks, Inc.632
Broadband Subscriber ManagementWholesale Feature Guide
Encapsulation: ENET2 Demux: Underlying interface: ae0 (Index 199) Link: ge-1/0/0 ge-1/1/0 Input packets : 0 Output packets: 0 Protocol pppoe Dynamic Profile: pppoe-profile, Service Name Table: service-table1, Max Sessions: 100, Duplicate Protection: On, Direct Connect: Off, AC Name: pppoe-server-1
show interfaces demux0 extensive (Targeted Distribution for Aggregated Ethernet Links)
user@host> show interfaces demux0.1073741824 extensive
Logical interface demux0.1073741824 (Index 75) (SNMP ifIndex 558) (Generation 346) Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.1 ] Encapsulation: ENET2 Demux: Underlying interface: ae0 (Index 201) Link: ge-1/0/0 ge-1/1/0 ge-2/0/7 ge-2/0/8 Targeting summary: ge-1/1/0, primary, Physical link is Up ge-2/0/8, backup, Physical link is Up Bandwidth: 1000mbps
show interfaces demux0 (ACI Interface Set Configured)
user@host> show interfaces demux0.1073741827 Logical interface demux0.1073741827 (Index 346) (SNMP ifIndex 527) Flags: SNMP-Traps 0x4000 VLAN-Tag [ 0x8100.1802 0x8100.302 ] Encapsulation: ENET2 Demux: Source Family Inet ACI VLAN: Dynamic Profile: aci-vlan-set-profile Demux: Underlying interface: ge-1/0/0 (Index 138) Input packets : 18 Output packets: 16 Protocol inet, MTU: 1500 Flags: Sendbcast-pkt-to-re, Unnumbered Donor interface: lo0.0 (Index 322) Preferred source address: 203.0.113.202 Addresses, Flags: Primary Is-Default Is-Primary Local: 203.0.113.119 Protocol pppoe Dynamic Profile: aci-vlan-pppoe-profile, Service Name Table: None, Max Sessions: 32000, Max Sessions VSA Ignore: Off, Duplicate Protection: On, Short Cycle Protection: Off, Direct Connect: Off, AC Name: nbc
633Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Copyright © 2018, Juniper Networks, Inc.634
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces filters
Syntax show interfaces filters<interface-name>
Release Information Command introduced before Junos OS Release 7.4.
Command introduced on PTX Series Packet Transport Routers for Junos OS Release
12.1.
Description Display all firewall filters that are installed on each interface in a system.
Options none—Display filter information about all interfaces.
interface-name—(Optional) Display filter information about a particular interface.
Additional Information For information about how to configure firewall filters, see the Routing Policies, Firewall
Filters, and Traffic Policers Feature Guide. For related operational mode commands, see
the CLI Explorer.
Required PrivilegeLevel
view
List of Sample Output show interfaces filters on page 636show interfaces filters (Interface-Name) on page 636show interfaces filters (PTX Series Packet Transport Routers) on page 636
Output Fields Table31onpage635 lists theoutput fields for the showinterfacesfilterscommand.Output
fields are listed in the approximate order in which they appear.
Table 31: show interfaces filters Output Fields
Field DescriptionField Name
Name of the interface.Interface
Interface state: up or down.Admin
Link state: up or down.Link
Protocol configured on the interface.Proto
Names of any firewall filters to be evaluated when packets arereceived on the interface, including any filters attached throughactivation of dynamic service.
Input Filter
Names of any firewall filters to be evaluated when packets aretransmitted on the interface, including any filters attached throughactivation of dynamic service.
Output Filter
635Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sample Output
show interfaces filters
user@host> show interfaces filtersInterface Admin Link Proto Input Filter Output Filterge-0/0/0 up upge-0/0/0.0 up up inet isoge-5/0/0 up up ge-5/0/0.0 up up any f-any inet f-inet multiservicegr-0/3/0 up upip-0/3/0 up upmt-0/3/0 up uppd-0/3/0 up uppe-0/3/0 up upvt-0/3/0 up upat-1/0/0 up upat-1/0/0.0 up up inet isoat-1/1/0 up downat-1/1/0.0 up down inet iso....
show interfaces filters (Interface-Name)
user@host> show interfaces filters so-2/1/0Interface Admin Link Proto Input Filter Output Filterso-2/1/0 up downso-2/1/0.0 up down inet goop outfilter iso inet6 v6in v6out
user@host > show interfaces filters ge-3/0/1Interface Admin Link Proto Input Filter Output Filterge-3/0/1 up upge-3/0/1.0 up up inet F1-ge-3/0/1.0-in F2-ge-3/0/1.0-out inet F3-ge-3/0/1.0-in
show interfaces filters (PTX Series Packet Transport Routers)
user@host > show interfaces filters em0Interface Admin Link Proto Input Filter Output Filter em0 up up em0.0 up up inet
Copyright © 2018, Juniper Networks, Inc.636
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces l2-routing-instance
Syntax show interfaces l2-routing-instance routing-instance-name
Release Information Command introduced in Junos OS Release 16.1R4.
Description Display informationabout core-facingphysical interfaces in thespecified routing instance.
The routing instancemustbeconfigured forLayer2wholesaleoperationsor thecommand
displays no output.
Options routing-instance-name—Name of the routing instance.
Required PrivilegeLevel
view
RelatedDocumentation
Layer 2Wholesale with ANCP-Triggered VLANs Overview on page 99•
List of Sample Output show interfaces l2-routing-instance on page 637
Output Fields Table 32 on page 637 lists the output fields for the show interfaces l2-routing-instance
command. Output fields are listed in the approximate order in which they appear.
Table 32: show interfaces l2-routing-instance Output Fields
Field DescriptionField Name
Name of .the core-facing physical interface.Interface
Trunk VLAN ID assigned to the core-facing physical interface within its input VLANmap.
VLAN Id
Aggregate number of VLAN IDs assigned to this physical interface based on theinner VLAN ID-swap-ranges configured for the interface.
Inner VLAN Id total
Inner VLAN ID swap range; numbers that can be used for swapping inner VLAN IDs.Inner VLAN range
Size of the inner VLAN ID swap range.Inner VLAN range total
Number of inner VLAN ID tags in use.Inner VLAN id use count
Number of inner VLAN ID tags not in use.Inner VLAN id free count
Sample Output
show interfaces l2-routing-instance
user@host> show interfaces l2-routing-instance NSP1
637Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Interface: ge-1/1/1.0VLAN Id: 100 Inner VLAN Id total: 6 Inner VLAN range: 15-20 Inner VLAN range total : 6 Inner VLAN id use count : 1 Inner VLAN id free count : 5
Copyright © 2018, Juniper Networks, Inc.638
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces routing
Syntax show interfaces routing<brief | detail><interface-name><logical-system (all | logical-system-name)>
Release Information Command introduced before Junos OS Release 7.4.
Description Display the state of the router's interfaces. Use this command for performing router
diagnostics only, when you are determining whether the routing protocols and the Junos
OS differ about the state of an interface.
Options none—Display standard information about the state of all router interfaces on all logicalsystems.
brief | detail—(Optional) Display the specified level of output.
interface-name—(Optional) Name of a specific interface.
logical-system (all | logical-system-name)—(Optional) Perform this operation on all
logical systems or on a particular logical system.
Additional Information For information about how to configure routing protocols, see the Junos OS Routing
Protocols Library. For information about related operationalmode commands for routing
instances and protocols, see the CLI Explorer.
Required PrivilegeLevel
view
List of Sample Output show interfaces routing brief on page 641show interfaces routing brief (TXMatrix Plus Router) on page 641show interfaces routing detail on page 642show interfaces routing detail (TXMatrix Plus Router) on page 642
Output Fields Table 33 on page 639 lists the output fields for the show interfaces routing command.
Output fields are listed in the approximate order in which they appear.
Table 33: show interfaces routing Output Fields
Level of OutputField DescriptionField Name
none briefName of the physical interface.Interface
none briefState of the physical interface: Up or Down.State
none briefProtocols and addresses configured on the interface.Addresses
639Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 33: show interfaces routing Output Fields (continued)
Level of OutputField DescriptionField Name
detailInterface index number, which reflects its initialization sequence.Index
detailNumber of references to the interface in the routing software.Refcount
detailState (Up or Down) and type of interface.State
detailReflects one or more of the following recent changes to the interface:
• Add—The interface was just added.
• Address—The interface's link-layer address has changed.
• Delete—The interface is being deleted.
• Encapsulation—The type of encapsulation on the interface has changed.
• Metric—The interface's metric value has changed.
• MTU—The interface's maximim transmission unit size has changed.
• UpDown—The interface has made an up or down transition.
Change
detailNumber of times the interface has gone from Down to Up.Up/downtransitions
detailDescribes the link layer of the interface.Link layer
detailEncapsulation on the interface.Encapsulation
detailSpeed at which the interface is running.Bandwidth
detailInformation about the configuration of protocols on the interface:
• Address—Address configured on the interface for the protocol type.
• State—State (Up or down) and type of interface.
• Change—Reflectsoneormoreof the following recentchanges to the interface:
• Add—The interface was just added.
• Address—The interface's address has changed.
• Broadcast—The interface's broadcast address has changed.
• Delete—The interface is being deleted.
• Netmask—The interface's netmask has changed.
• UpDown—The interface has made an up or down transition.
• Preference—Preference value for the route for this address.
• Metric—Metric value on the interface for the protocol type.
• MTU—Maximim transmission unit value of the interface.
• Local address—On a point-to-point link, the address of the local side of thelink. Not used for multicast links.
• Destination—For a point-to-point link, the address of the remote side of thelink. For multicast links, the network address.
Protocol address
Copyright © 2018, Juniper Networks, Inc.640
Broadband Subscriber ManagementWholesale Feature Guide
Sample Output
show interfaces routing brief
user@host> show interfaces routing briefInterface State Addressesso-5/0/3.0 Down ISO enabledso-5/0/2.0 Up MPLS enabled ISO enabled INET 192.168.2.120 INET enabledso-5/0/1.0 Up MPLS enabled ISO enabled INET 192.168.2.130 INET enabledat-1/0/0.3 Up CCC enabledat-1/0/0.2 Up CCC enabledat-1/0/0.0 Up ISO enabled INET 192.168.90.10 INET enabledlo0.0 Up ISO 47.0005.80ff.f800.0000.0108.0001.1921.6800.5061.00 ISO enabled INET 127.0.0.1fxp1.0 Upfxp0.0 Up INET 192.168.6.90
show interfaces routing brief (TXMatrix Plus Router)
user@host> show interfaces routing briefInterface State Addresses...ge-23/0/4.0 Up INET 203.0.113.91 ISO enabled MPLS enabledge-23/0/3.0 Up INET 203.0.113.81 ISO enabled MPLS enabledge-23/0/2.0 Up INET 203.0.113.71 ISO enabled MPLS enabledge-23/0/1.0 Up INET 203.0.113.61 ISO enabled MPLS enabledge-23/0/0.0 Up INET 203.0.113.51 ISO enabled MPLS enabledge-31/0/7.599 Up INET 192.0.2.93ge-31/0/7.598 Up INET 192.0.2.89ge-31/0/7.597 Up INET 192.0.2.85ge-31/0/7.596 Up INET 192.0.2.81ge-31/0/7.595 Up INET 192.0.2.77ge-31/0/7.594 Up INET 192.0.2.73...ixgbe1.0 Up INET 203.0.113.34 INET 198.51.100.4 INET6 fe80::200:1ff:fe22:4 INET6 fec0::a:22:0:4ixgbe0.0 Up INET 203.0.113.34 INET 198.51.100 INET6 fe80::200:ff:fe22:4
641Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
INET6 fec0::a:22:0:4em0.0 Up INET 192.168.178.11
show interfaces routing detail
user@host> show interfaces routing detailso-5/0/3.0 Index: 15, Refcount: 2, State: Up <Broadcast PointToPoint Multicast> Change:<>
Metric: 0, Up/down transitions: 0, Full-duplex Link layer: HDLC serial line Encapsulation: PPP Bandwidth: 155Mbps ISO address (null) State: <Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytesso-5/0/2.0 Index: 14, Refcount: 7, State: <Up Broadcast PointToPoint Multicast> Change:<>
Metric: 0, Up/down transitions: 0, Full-duplex Link layer: HDLC serial line Encapsulation: PPP Bandwidth: 155Mbps MPLS address (null) State: <Up Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4458 bytes ISO address (null) State: <Up Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes INET address 192.168.2.120 State: <Up Broadcast PointToPoint Multicast Localup> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes Local address: 192.168.2.120 Destination: 192.168.2.110/32 INET address (null) State: <Up Broadcast PointToPoint Multicast> Change: <> Preference: 0 (120 down), Metric: 0, MTU: 4470 bytes...
show interfaces routing detail (TXMatrix Plus Router)
user@host> show interfaces routing detailge-23/0/4.0 Index: 77, Refcount: 5, State: <Up Broadcast Multicast> Change: <> 0 metric, 0 up/down transitions, reth state 0, full-duplex Link layer: Ethernet Encapsulation: Ethernet Bandwidth: 1000Mbps Link address #0 0.1d.b5.14.da.2d INET address 203.0.113.91 State: <Up Broadcast Multicast Localup> Change: <> Flags: <RT-Change> Preference 0, metric 0, MTU 1500 bytes Broadcast address 203.0.113.93 Destination: 203.0.113.0/30 System flags: <Is-Preferred Is-Primary> ISO address (null) State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1497 bytes System flags: <> MPLS address (null) State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1488 bytes System flags: <>ge-23/0/3.0 Index: 76, Refcount: 5, State: <Up Broadcast Multicast> Change: <> 0 metric, 0 up/down transitions, reth state 0, full-duplex
Copyright © 2018, Juniper Networks, Inc.642
Broadband Subscriber ManagementWholesale Feature Guide
Link layer: Ethernet Encapsulation: Ethernet Bandwidth: 1000Mbps Link address #0 0.1d.b5.14.da.2c INET address 203.0.113.81 State: <Up Broadcast Multicast Localup> Change: <> Flags: <RT-Change> Preference 0, metric 0, MTU 1500 bytes Broadcast address 2.8.1.3 Destination: 203.0.113.80/30 System flags: <Is-Preferred Is-Primary> ISO address (null) State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1497 bytes System flags: <> MPLS address (null) State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1488 bytes System flags: <>ge-23/0/2.0 Index: 75, Refcount: 5, State: <Up Broadcast Multicast> Change: <> 0 metric, 0 up/down transitions, reth state 0, full-duplex Link layer: Ethernet Encapsulation: Ethernet Bandwidth: 1000Mbps Link address #0 0.1d.b5.14.da.2b INET address 203.0.113.71 State: <Up Broadcast Multicast Localup> Change: <> Flags: <RT-Change> Preference 0, metric 0, MTU 1500 bytes Broadcast address 203.0.113.73 Destination: 203.0.113.70/30 System flags: <Is-Preferred Is-Primary> ISO address (null) State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1497 bytes System flags: <> MPLS address (null) State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1488 bytes System flags: <>ge-23/0/1.0 Index: 74, Refcount: 5, State: <Up Broadcast Multicast> Change: <> 0 metric, 0 up/down transitions, reth state 0, full-duplex Link layer: Ethernet Encapsulation: Ethernet Bandwidth: 1000Mbps Link address #0 0.1d.b5.14.da.2a INET address 203.0.113.61 State: <Up Broadcast Multicast Localup> Change: <> Flags: <RT-Change> Preference 0, metric 0, MTU 1500 bytes Broadcast address 203.0.113.63...ixgbe1.0 Index: 5, Refcount: 5, State: <Up Broadcast Multicast> Change: <> 0 metric, 0 up/down transitions, reth state 0, full-duplex Link layer: Ethernet Encapsulation: Ethernet Bandwidth: 1000Mbps Link address #0 2.0.1.22.0.4 INET address 203.0.113.34 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Broadcast address 203.0.113.255 Destination: 203.0.113.0/8 System flags: <Is-Preferred> INET address 198.51.100.4 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Broadcast address 191.255.255.255 Destination: 192.0.2.0/2
643Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
System flags: <Primary Is-Preferred Is-Primary> INET6 address fe80::200:1ff:fe22:4 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Destination: fe80::/64 System flags: <Is-Preferred> INET6 address fec0::a:22:0:4 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Destination: fec0::/64 System flags: <Is-Preferred Is-Primary>ixgbe0.0 Index: 4, Refcount: 5, State: <Up Broadcast Multicast> Change: <> 0 metric, 0 up/down transitions, reth state 0, full-duplex Link layer: Ethernet Encapsulation: Ethernet Bandwidth: 1000Mbps Link address #0 2.0.0.22.0.4 INET address 203.0.113.34 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Broadcast address 203.0.113.255 Destination: 203.0.113.0/8 System flags: <Is-Preferred> INET address 198.51.100.4 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Broadcast address 191.255.255.255 Destination: 192.0.2.0/2 System flags: <Primary Is-Default Is-Preferred Is-Primary> INET6 address fe80::200:ff:fe22:4 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Destination: fe80::/64 System flags: <Is-Preferred> INET6 address fec0::a:22:0:4 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Destination: fec0::/64 System flags: <Is-Default Is-Preferred Is-Primary>em0.0 Index: 3, Refcount: 2, State: <Up Broadcast Multicast> Change: <> 0 metric, 0 up/down transitions, reth state 0, full-duplex Link layer: Ethernet Encapsulation: Ethernet Bandwidth: 100Mbps Link address #0 0.80.f9.26.0.c0 INET address 192.168.178.11 State: <Up Broadcast Multicast Localup> Change: <> Flags: <> Preference 0, metric 0, MTU 1500 bytes Broadcast address 192.168.178.127 Destination: 192.168.178.0/25 System flags: <Is-Preferred Is-Primary>
Copyright © 2018, Juniper Networks, Inc.644
Broadband Subscriber ManagementWholesale Feature Guide
show interfaces routing-instance
Syntax show interfaces routing-instance (instance-name | all)<brief | detail | extensive | terse>
Release Information Command introduced in Junos OS Release 9.1.
Description Display information about the interfaces configured for either a specific routing instance
or for all of the routing instances.
Options all—Display information about all of the interfaces configured for all of the routinginstances on the router.
instance-name—Display information about the interfaces configured for the specifiedrouting instance.
brief | detail | extensive | terse—(Optional) Display the specified level of output.
Required PrivilegeLevel
view
List of Sample Output show interfaces routing-instance terse on page 645show interfaces routing-instance all on page 645show interfaces routing-instance extensive on page 646
Output Fields The output fields from the show interfaces routing-instance command are identical to
those produced by the show interfaces interface-name command. For a description of
output fields, see the other chapters in this manual.
Sample Output
show interfaces routing-instance terse
user@host> show interfaces routing-instance sample terseInterface Admin Link Proto Local Remote ge-0/0/0.0 up up inet 192.168.4.28/24
Sample Output
show interfaces routing-instance all
user@host> show interfaces terse routing-instance allInterface Admin Link Proto Local Remote Instance at-0/0/1 up up inet 203.0.113.1/24ge-0/0/0.0 up up inet 192.168.4.28/24 sample-a at-0/1/0.0 up up inet6 fe80::a:0:0:4/64 sample-b so-0/0/0.0 up up inet 203.0.113.1/32
645Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show interfaces routing-instance extensive
user@hostshow interfaces fe-0/1/3 routing-instance instance2 extensiveLogical interface fe-0/1/3.0 (Index 70) (SNMP ifIndex 53) (Generation 211) Flags: SNMP-Traps Encapsulation: ENET2 Traffic statistics: Input bytes : 0 Output bytes : 42 Input packets: 0 Output packets: 1 IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Local statistics: Input bytes : 0 Output bytes : 42 Input packets: 0 Output packets: 1 Transit statistics: Input bytes : 0 0 bps Output bytes : 0 0 bps Input packets: 0 0 pps Output packets: 0 0 pps IPv6 transit statistics: Input bytes : 0 Output bytes : 0 Input packets: 0 Output packets: 0 Protocol inet, MTU: 1500, Generation: 252, Route table: 4 Flags: Is-Primary Addresses, Flags: Is-Default Is-Preferred Is-Primary Destination: 192.0.2/24, Local: 192.0.2.51, Broadcast: 192.0.2.255, Generation: 263
Copyright © 2018, Juniper Networks, Inc.646
Broadband Subscriber ManagementWholesale Feature Guide
show network-access aaa statistics
Syntax show network-access aaa statistics<accounting (detail)><address-assignment (client | pool pool-name)><dynamic-requests><radius>
Release Information Command introduced in Junos OS Release 9.1.
Option address-assignment introduced in Junos OS Release 10.0.
Option radius introduced in Junos OS Release 11.4.
Option detail introduced in Junos OS Release 13.3.
Description Display AAA accounting, address-assignment, dynamic request statistics, and RADIUS
settings and statistics.
Options accounting (detail)—(Optional) Display AAA accounting statistics. The detail keyworddisplays additional accounting information
address-assignment (client | pool pool-name)—(Optional) Display AAAaddress-assignment client and pool statistics.
dynamic-requests—(Optional) Display AAA dynamic requests.
radius—(Optional) Display RADIUS settings and statistics.
Required PrivilegeLevel
view
RelatedDocumentation
Verifying and Managing Subscriber AAA Information•
List of Sample Output show network-access aaa statistics accounting on page 653show network-access aaa statistics accounting detail on page 654show network-access aaa statistics address-assignment client on page 654show network-access aaa statistics address-assignment pool on page 655show network-access aaa statistics address-assignment pool (ExcludedAddresses) on page 655show network-access aaa statistics dynamic-requests on page 655show network-access aaa statistics radius on page 655
Output Fields Table 34 on page 648 lists the output fields for the show network-access aaa statistics
command. Output fields are listed in the approximate order in which they appear.
647Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 34: show network-access aaa statistics Output Fields
Level of OutputField DescriptionField Name
All levels• Number of accounting requests generated by theAAA framework.
• Number of dynamic requests received from theexternal server.
Does not include requests sent from backupaccounting.
Requestsreceived
detailNumberofaccounting requests that failed tobesentor queued from a client to a RADIUS accountingserver.
Does not include requests sent from backupaccounting.
Accountingrequestfailures
detailNumber of accounting requests successfully sent orqueued fromaclient toaRADIUSaccounting server.
Does not include requests sent from backupaccounting.
Accountingrequestsuccess
detailNumberofaccountingon requests sent fromaclientto a RADIUS accounting server.
Account onrequests
detailNumber of accounting start requests sent from aclient to a RADIUS accounting server.
Accountingstart requests
detailNumber of accounting interim requests sent from aclient to a RADIUS accounting server.
Accountinginterimrequests
detailNumber of accounting stop requests sent from aclient to a RADIUS accounting server.
Does not include requests sent from backupaccounting.
Accountingstop requests
All levelsNumber of accounting requests to the accountingserver that timed out. This field was named Timedout requests in releases before Junos OS Release16.1.
Does not include requests sent from backupaccounting.
Accountingrequesttimeouts
All levelsNumber of accounting requests not acknowledged(NAK) by the accounting server.
Does not include requests sent from backupaccounting.
AccountingResponsefailures
Copyright © 2018, Juniper Networks, Inc.648
Broadband Subscriber ManagementWholesale Feature Guide
Table 34: show network-access aaa statistics Output Fields (continued)
Level of OutputField DescriptionField Name
All levelsNumber of accounting requests acknowledged bythe accounting server.
Does not include requests sent from backupaccounting.
Accountingresponsesuccess
detailNumber of accounting on requests acknowledgedby the RADIUS accounting server.
Account onresponses
detailNumberofaccountingstart requestsacknowledgedby the RADIUS accounting server.
Accountingstartresponses
detailNumber of accounting interim requestsacknowledged by the RADIUS accounting server.
Accountinginterimresponses
detailNumber of accounting stop requests acknowledgedby the RADIUS accounting server.
Does not include requests sent from backupaccounting.
Accountingstopresponses
detailNumberofaccounting requestscoming toaRADIUSaccounting server after a previous server timing out.
Accountingrolloverrequests
detailNumber of unknown accounting requests sent fromaclient toaRADIUSaccounting server (for example,when the header has invalid or unsupportedinformation).
Accountingunknownrequests
detailNumber of accounting requests sent from a clientto a RADIUS accounting server that are waiting fora response from the server.
Accountingradiuspendingrequests
detailNumber of accounting responses from a RADIUSaccounting server that have invalid or unexpectedattributes.
Accountingmalformedresponses
detailNumber of accounting requests made by a client tothe RADIUS sever that were retransmitted.
Does not include requests sent from backupaccounting.
Accountingretransmissions
detailNumber of accounting responses from a RADIUSaccounting server that have an incorrectauthenticator (for example, the client and serverRADIUS secret do not match).
Accountingbadauthenticators
649Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 34: show network-access aaa statistics Output Fields (continued)
Level of OutputField DescriptionField Name
detailNumber of accounting responses from a RADIUSaccounting server that are dropped by a client.
Accountingpacketsdropped
detailNumber of accounting stop requests from a clientto a RADIUS accounting server that were forwardedto be backed up.
Accountingbackup recordcreationrequests
detailNumber of backup accounting stop requestssuccessfully created by clients after each timeoutfor replay to a RADIUS accounting server.
Accountingbackup replayrequestsuccess
detailNumber of backup accounting requests that failedto be sent or queued from a client to a RADIUSaccounting server.
Accountingbackuprequestfailures
detailNumberofbackupaccounting requests successfullysentorqueued fromaclient toaRADIUSaccountingserver.
Accountingbackuprequestsuccess
detailNumber of backup accounting requests that timedout after being sent to a RADIUS accounting server.
Accountingbackuptimeouts
detailNumber of backup accounting requests that weresuccessfully sentorqueued toaRADIUSaccountingserver for which no response or error has beenreceived yet.
Backup requests are replayed only in the followingcircumstances:
• When the request being replayed receives apositive response, the next request can bereplayed.
• When the request being replayed receives atimeout response, it can be replayed again.
Consequently this intermediate timer displays 1 or0. The value eventually drops to 0 as requests areresponded to positively or fail due to error.
Accountingbackupin-flightrequests
detailNumber of backup records that were successfullyacknowledged with a positive response from aRADIUS accounting server.
Accountingbackupresponsessuccess
Copyright © 2018, Juniper Networks, Inc.650
Broadband Subscriber ManagementWholesale Feature Guide
Table 34: show network-access aaa statistics Output Fields (continued)
Level of OutputField DescriptionField Name
detailNumber of backup requests sent to UDP level.
This is a RADIUS-level counter and incrementsrapidly basedon the configured retries and timeoutsand the RADIUS-level retransmissions. Anobservation that the value is increasing is moresignificant than the exact value of the counter.
Accountingbackup radiusrequests
detailNumber of responses received at the UDP level forbackup requests.
This is a RADIUS-level counter and incrementsrapidly basedon the configured retries and timeoutsand the RADIUS-level retransmissions. Observationthat the value is increasing is more significant thanthe exact value of the counter.
Accountingbackup radiusresponses
detailNumber of backup requests that timed out afterbeing sent to UDP.
This is a RADIUS-level counter and incrementsrapidly basedon the configured retries and timeoutsand the RADIUS-level retransmissions. Observationthat the value is increasing is more significant thanthe exact value of the counter.
Accountingbackup radiustimeouts
detailNumber of backup requests sent to a RADIUSaccounting server that are waiting for a responsefrom the server.
This is an intermediate state counter that eventuallydrops to zero as requests are responded to or faileddue to error.
Accountingbackup radiuspendingrequests
detailSum of backup request retransmissions for eachRADIUS accounting server.
This is a RADIUS-level counter and incrementsrapidly basedon the configured retries and timeoutsand the RADIUS-level retransmissions. Observationthat the value is increasing is more significant thanthe exact value of the counter.
Accountingbackup radiusretransmissions
detailSum of malformed responses received for backuprequests sent to each RADIUS accounting server atthe UDP level.
Accountingbackupmalformedresponses
detailSum of responses received for backup accountingrequests for each RADIUS accounting server whereauthenticators were mismatched.
Accountingbackup badauthenticators
651Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 34: show network-access aaa statistics Output Fields (continued)
Level of OutputField DescriptionField Name
detailSum of responses for backup accounting requestsfor each RADIUS accounting server that weredropped due to various sanity checks.
Accountingbackupresponsesdropped
detailSum of backup accounting requests rolled over foreach RADIUS accounting server.
Accountingbackuprolloverrequests
detailSum of unknown responses for backup accountingrequests for each RADIUS accounting server.
Accountingbackupunknownresponses
none specifiedClient type; for example, DHCP, Mobile IP, PPP.Client
none specifiedNumber of times an address was not given to theclient due to memory issues.
OutofMemory
none specifiedNumber of times there were no network matchesfor the pool.
NoMatches
none specifiedNameof theaddress-assignmentpool for this client.Pool Name
none specifiedNumber of times there were no available addressesin the pool.
Out ofAddresses
none specifiedNumber of addresses in the pool.Address total
none specifiedNumber of addresses in use.Addresses inuse
none specifiedNumberofaddressesexcluded frombeingallocatedfrom the pool with the excluded-address orexcluded-range statements.
Addressesexcluded
none specifiedPercentageof total addresses inuse. This valuedoesnot take excluded addresses into account.
AddressUsage(percent)
none specifiedConfiguration state of active drain for the specifiedlocal address pool, yes or no.
Pool drainconfigured
none specifiedPercentage of allocated addresses in the specifiedaddress pool.
Pool Usage
All levelsNumberofdynamic requestsprocessedsuccessfullyby the AAA framework.
processedsuccessfully
Copyright © 2018, Juniper Networks, Inc.652
Broadband Subscriber ManagementWholesale Feature Guide
Table 34: show network-access aaa statistics Output Fields (continued)
Level of OutputField DescriptionField Name
All levelsNumber of dynamic requests that resulted inprocessing errors by the AAA framework.
errors duringprocessing
Name of the secondary address-assignment poolto which the primary pool is linked.
Link Name
All levelsNumber of dynamic requests dropped by the AAAframeworkduetomultipleback-to-backorduplicaterequests.
silentlydropped
All levelsIPv4 or IPv6 address of the RADIUS server to whichthe router is sending requests.
RADIUSServer
All levelsName of the RADIUS profile associated with theRADIUS server. A RADIUS server can be associatedwith more than one RADIUS profile.
Profile
All levelsConfiguredmaximum number of outstandingrequests from the router to the RADIUS server for aspecific profile. An outstanding request is a requestto which the RADIUS server has not yet responded.The range of values is 0 through 2000 outstandingrequests. The default value is 1000.
Configured
All levelsCurrent number of outstanding requests from therouter to the RADIUS server for a specific profile. Anoutstanding request is a request to which theRADIUS server has not yet responded.
Current
All levelsHighest number of outstanding requests from therouter to the RADIUS server for a specific profile atanypoint in timesince the routerwasstartedor sincethe counter was last cleared.
NOTE: If the value of this field is equal to the valueof theConfigured field, youmaywant to increase thevalue of the Configured field.
Peak
All levelsNumber of times that the router attempted to sendrequests to the RADIUS server in excess of theconfiguredmaximum value for a specific profile.
NOTE: If the value of this field is nonzero, youmaywant to increase the value of the Configured field.
Exceeded
Sample Output
show network-access aaa statistics accounting
user@host> show network-access aaa statistics accountingAccounting module statisticsAccounting module statistics
653Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Requests received: 5000 Accounting request timeouts: 2000 Accounting response failures: 0 Accounting response success: 3000
show network-access aaa statistics accounting detail
user@host> show network-access aaa statistics accounting detailAccounting module statisticsAccounting module statistics Requests received: 5000 Accounting request failures: 0 Accounting request success: 5000 Account on requests: 0 Accounting start requests: 3000 Accounting interim requests: 0 Accounting stop requests: 2000 Accounting request timeouts: 2000 Accounting response failures: 0 Accounting response success: 3000 Account on responses: 0 Accounting start responses: 3000 Accounting interim responses: 0 Accounting stop responses: 0 Accounting rollover requests: 0 Accounting unknown responses: 0 Accounting radius pending requests: 0 Accounting malformed responses: 0 Accounting retransmissions: 6000 Accounting bad authenticators: 0 Accounting packets dropped: 0
Accounting backup record creation requests: 3000 Accounting backup request replay success: 9808 Accounting backup request failures: 0 Accounting backup request success: 3006 Accounting backup timeouts: 6 Accounting backup in-flight requests: 0 Accounting backup responses success: 3000 Accounting backup radius requests: 3006 Accounting backup radius responses: 3000 Accounting backup radius timeouts: 99 Accounting backup radius pending requests: 0 Accounting backup radius retransmissions: 99 Accounting backup malformed responses: 0 Accounting backup bad authenticators: 0 Accounting backup responses dropped: 0 Accounting backup rollover requests: 0 Accounting backup unknown responses: 0
show network-access aaa statistics address-assignment client
user@host> show network-access aaa statistics address-assignment clientAddress-assignment statistics Client: jdhcpd Out of Memory: 0 No Matches: 2
Copyright © 2018, Juniper Networks, Inc.654
Broadband Subscriber ManagementWholesale Feature Guide
show network-access aaa statistics address-assignment pool
user@host> show network-access aaa statistics address-assignment pool isp_1Address-assignment statistics Pool Name: isp_1 Pool Name: (all pools in chain) Out of Memory: 0 Out of Addresses: 9 Address total: 47 Addresses in use: 47 Address Usage (percent): 100 Pool drain configured: yes
show network-access aaa statistics address-assignment pool (Excluded Addresses)
user@host> show network-access aaa statistics address-assignment pool isp_1Address-assignment statistics Pool Name: isp_1 Pool Name: (all pools in chain) Out of Memory: 0 Out of Addresses: 0 Address total: 24000 Addresses in use: 12000 Addresses excluded: 1000 Address Usage (percent): 50 Pool drain configured: yes
show network-access aaa statistics dynamic-requests
user@host> show network-access aaa statistics dynamic-requestsrequests received: 0processed successfully: 0errors during processing: 0silently dropped: 0
show network-access aaa statistics radius
user@host> show network-access aaa statistics radiusOutstanding RequestsRADIUS Server Profile Configured Current Peak Exceeded198.51.100.239 prof1 1000 0 1000 14 prof2 500 17 432 0198.51.100.211 myprof 200 0 200 27203.0.113.254 pppoe-auth 111 0 1 02001:db8:0:f101::2 xyz-profile11 1000 10 135 0
655Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show network-access aaa statistics authentication
Syntax show network-access aaa statistics authentication<detail>
Release Information Command introduced in Junos OS Release 9.1.
Option detail introduced in Junos OS Release 12.1.
Description Display AAA authentication statistics.
Options detail—(Optional) Displays detailed information about authentication.
Required PrivilegeLevel
view
RelatedDocumentation
Verifying and Managing Subscriber AAA Information•
List of Sample Output show network-access aaa statistics authentication on page 658show network-access aaa statistics authentication detail on page 658
Output Fields Table 35 on page 656 lists the output fields for the show network-access aaa statistics
authentication command. Output fields are listed in the approximate order in which they
appear.
Table 35: show network-access aaa statistics authentication Output Fields
Level of OutputField DescriptionField Name
All levelsNumber of authentication requests receivedfrom clients.
Requests received
All levelsNumber of authentication requests acceptedby the authentication server.
Accepts
All levelsNumber of authentication requests rejected bythe authentication server.
Rejects
All levelsNumber of authentication requests challengedby the authentication server.
Challenges
All levelsNumber of authentication requests that timedout.
Timed out requests
DetailNumber of RADIUS authentication requeststhat have failed.
RADIUSauthentication failures
DetailNumber of queue requests that have beendeleted.
Queue request deleted
Copyright © 2018, Juniper Networks, Inc.656
Broadband Subscriber ManagementWholesale Feature Guide
Table 35: show network-access aaa statistics authentication OutputFields (continued)
Level of OutputField DescriptionField Name
DetailNumberofmalformed replies received fromtheRADIUS authentication server.
Malformed reply
DetailNumber of authentication requests that failedbecausenoauthentication server is configured.
No server configured
DetailNumber of authentication requests that failedbecause no access profile is configured.
AccessProfileconfigurationnotfound
DetailNumber of times that the router is unable tocreate the client record for the authenticationrequest.
Unable to create client record
DetailNumber of times that the router is unable tocreate the client request for the authenticationrequest.
Unable to create client request
DetailNumber of times that the router is unable tobuild the authentication request.
Unable to build authenticationrequest
DetailNumberof requests to theauthenticationserverthat have timed out; the server is thenconsidered to be down.
No server found
DetailNumber of authentication requests that havefailed because of an internal allocation failure.
Unable to create handle
DetailNumber of times the router was unable toqueue the request to the authentication server.
Unable to queue request
DetailNumber of times the router did not have properauthorization to access the authenticationserver.
Invalid credentials
DetailNumber of times the router request to theauthentication server is malformed.
Malformed request
DetailNumber of times the router did not have alicense to access the authentication server.
License unavailable
DetailNumber of authentication requests that havebeen redirected based on routing instance.
Redirect requested
DetailNumber of internal failures.Internal failure
DetailNumber of times local authentication failed.Local authentication failures
DetailNumber of times the LDAP lookup operationfailed.
LDAP lookup failures
657Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sample Output
show network-access aaa statistics authentication
user@host> show network-access aaa statistics authenticationAuthentication module statistics Requests received: 2118 Accepts: 261 Rejects: 975 Challenges: 0 Timed out requests: 882
show network-access aaa statistics authentication detail
user@host> show network-access aaa statistics authentication detailAuthentication module statistics Requests received: 2118 Accepts: 261 Rejects: 975 RADIUS authentication failures: 975 Queue request deleted: 0 Malformed reply: 0 No server configured: 0 Access Profile configuration not found: 0 Unable to create client record: 0 Unable to create client request: 0 Unable to build authentication request: 0 No server found: 975 Unable to create handle: 0 Unable to queue request: 0 Invalid credentials: 0 Malformed request: 0 License unavailable: 0 Redirect requested: 0 Internal failure: 0 Local authentication failures: 0 LDAP lookup failures: 0 Challenges: 0 Timed out requests: 882
Copyright © 2018, Juniper Networks, Inc.658
Broadband Subscriber ManagementWholesale Feature Guide
show network-access aaa subscribers
Syntax show network-access aaa subscribers<logical-system logical-system-name><routing-instance routing-instance-name><statistics><username><session-id session-id-number detail>
Release Information Command introduced in Junos OS Release 9.1.
Command updated with session-id session-id-number detail in Junos OS Release 17.3.
Description Display subscriber-specific AAA statistics.
Options logical-system logical-system-name—(Optional) List subscribers in the specific logicalsystem.
routing-instance routing-instance-name—(Optional) List subscribers for the specificrouting instance. If you do not specify a routing instance name, the default routing
instance is assumed.
statistics—(Optional) Display statistics for the subscriber events.
username—(Optional) Display information for the specified subscriber.
session-id session-id-number detail—(Optional) Display information for the specifiedsession ID.
Required PrivilegeLevel
view
RelatedDocumentation
Verifying and Managing Subscriber AAA Information•
List of Sample Output show network-access aaa subscribers logical-system on page 661show network-access aaa subscribers logical-system routing-instance on page 661show network-access aaa subscribers statistics username on page 661show network-access aaa subscribers username on page 662show network-access aaa subscribers session-id 26 detail on page 662
Output Fields Table 36 on page 659 lists the output fields for the shownetwork-access aaa subscribers
command. Output fields are listed in the approximate order in which they appear.
Table 36: show network-access aaa subscribers Output Fields
Field DescriptionField Name
Number of authentication requests challenged by the authentication server for this subscriber.Challenge requests
659Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 36: show network-access aaa subscribers Output Fields (continued)
Field DescriptionField Name
Number of challenge responses sent by the subscriber to the authentication server.Challenge responses
Number of accounting start requests generated by the AAA framework for this subscriber.START sentsuccessfully
Number of accounting start requests that failed tomake it to the accounting server for this subscriber.START send failures
Number of accounting start requests acknowledged by the accounting server for this subscriber.START ack received
Number of accounting interim requests generated by the AAA framework for this subscriber.INTERIM sentsuccessfully
Numberofaccounting interim requests that failed tomake it to theaccountingserver for this subscriber.INTERIM send failures
Number of accounting interim requests acknowledged by the accounting server for this subscriber.INTERIM ack received
Number of reauthentication requests received by the authentication server.Requests received
Number of successful reauthentication requests granted by the authentication server.Successful responses
Number of reauthentication requests aborted by the authentication server.Aborts handled
Name of the subscriber service.Service name
Number of requests to create the service.Creation requests
Number of requests to delete the service.Deletion requests
Number of times the service request was timed out.Request timeouts
Type of client; for example, DHCP, Mobile IP, PPP.Client type
ID of the subscriber session.Session-ID
How long the session has been up, in HH:MM:SS.Session uptime
Status of accounting, and type of accounting if accounting is on.Accounting
Username of the subscriber session.Stripped username
AAA framework for the subscriber of logical system or routing instance.AAA Logicalsystem/Routinginstance
Target framework for the subscriber of logical system or routing instance.Target Logicalsystem/Routinginstance
Copyright © 2018, Juniper Networks, Inc.660
Broadband Subscriber ManagementWholesale Feature Guide
Table 36: show network-access aaa subscribers Output Fields (continued)
Field DescriptionField Name
Profile of the subscriber.Access-profile
ID of the subscriber session for accounting.Accounting Session ID
ID of the subscriber session for multiple accouting.Multi AccountingSession ID
IPv4 address of the subscriber.IP Address
IPv6 address of the subscriber.IPv6 Address
IPv6 prefix of the subscriber.IPv6 Prefix
State of subscriber session authentication.Authentication State
State of subscriber session accounting.Accounting State
Type of subscriber provisioning.Provisioning Type
Sample Output
show network-access aaa subscribers logical-system
user@host> show network-access aaa subscribers logical-systemUsername Client type Logical system/Routing [email protected] ppp default00010e020304.1231 dhcp isp-bos-metro-12:[email protected] dhcp default:isp-gtown-r3-000020df980102.2334 dhcp isp-bos-metro-16:isp-cmbrg-12
show network-access aaa subscribers logical-system routing-instance
user@host> show network-access aaa subscribers logical-system isp-bos-metro-16routing-instance isp-cmbrg-12-32Username Client type Logical system/Routing instance00010e020304.1231 dhcp isp-bos-metro-12:[email protected] dhcp default:isp-gtown-r3-000020df980102.2334 dhcp isp-bos-metro-16:isp-cmbrg-12
show network-access aaa subscribers statistics username
user@host> show network-access aaa subscribers statistics username 00010e020304.1231Authentication statistics Challenge requests: 0 Challenge responses: 0 Accounting statistics START sent successfully: 1 START send failures: 0 START ack received: 1 INTERIM sent successfully: 0 INTERIM send failures: 0
661Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
INTERIM ack received: 0 Re-authentication statistics Requests received: 0 Sucessfull responses: 0 Aborts handled: 0 Service statistics Service name: filter-serv Creation requests: 1 Deletion requests: 0 Request timeouts: 0 Service name: filter-serv2 Creation requests: 144 Deletion requests: 0 Request timeouts: 144
show network-access aaa subscribers username
user@host> show network-access aaa subscribers username [email protected] system/Routing instance Client type Session-ID Session uptime Accountingisp-bos-metro-16:isp-cmbrg-12 dhcp 7 01:12:56 on/volumeService name Service type Quota AccountingI-Cast volume 1200 Mbps on/volume+timeVoip on/volumeGamingBurst time 6000 secs on/volume
show network-access aaa subscribers session-id 26 detail
The following command output is seen when only an IPv4 client is associated with the
session:
user@host> show network-access aaa subscribers session-id 26 detailType: dhcpStripped username: my-customerAAA Logical system/Routing instance: default:defaultTarget Logical system/Routing instance: default:defaultAccess-profile: AccessProfileSession ID: 26Accounting Session ID: 26Multi Accounting Session ID: 0IP Address: 20.0.0.2Authentication State: AuthStateActiveAccounting State: Acc-Interim-SentProvisioning Type: None
The following command output is seen when IPv6 client logs in (after IPv4 association)
and is associated with the same session ID:
user@host> show network-access aaa subscribers session-id 26 detailType: dhcpStripped username: my-customerAAA Logical system/Routing instance: default:defaultTarget Logical system/Routing instance: default:defaultAccess-profile: AccessProfileSession ID: 26Accounting Session ID: 26Multi Accounting Session ID: 0IP Address: 20.0.0.2IPv6 Address: 3000:0:0:8003::2
Copyright © 2018, Juniper Networks, Inc.662
Broadband Subscriber ManagementWholesale Feature Guide
IPv6 Prefix: 3ffe:ffff:0:4::/64Authentication State: AuthStateActiveAccounting State: Acc-Interim-SentProvisioning Type: None
663Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show network-access address-assignment pool
Syntax show network-access address-assignment pool pool-name<logical-system logical-system-name><routing-instance routing-instance-name>
Release Information Command introduced in Junos OS Release 9.0.
Description Display state information for each address-assignment pool.
Options none—Display information about clients that have obtained addresses from the
address-assignment pool.
pool pool-name—Display information about the specified address-assignment pool.
logical-system logical-system-name—(Optional)Performthisoperationon thespecified
logical system.
routing-instance routing-instance-name—(Optional) Perform this operation on the
specified routing instance.
Required PrivilegeLevel
view and system
List of Sample Output show network-access address-assignment pool on page 665
Output Fields Table 37 on page 664 lists the output fields for the show network-access
address-assignment pool command. Output fields are listed in the approximate order in
which they appear.
Table 37: show network-access address-assignment pool Output Fields
Field DescriptionField Name
IP address of the client.IP address/prefix
MAC address of the client.
Displays NA for addresses excluded from being allocated from thepool with the excluded-address or excluded-range statements.
Hardware address
Hostname or username of the client.
Displays EXCLUDED for addresses excluded from being allocatedfrom the pool with the excluded-address or excluded-rangestatements.
Host/User
Type of client.
Displaysunknown for addressesexcluded frombeingallocated fromthe pool with the excluded-address or excluded-range statements.
Type
Copyright © 2018, Juniper Networks, Inc.664
Broadband Subscriber ManagementWholesale Feature Guide
Sample Output
show network-access address-assignment pool
user@host> show network-access address-assignment pool sunnywest logical-system ls1routing-instance routinst2IP address/prefix Hardware address Host/User Type192.168.2.1 00:00:5e:00:53:01 user1 DHCP192.168.2.2 00:00:5e:00:53:02 user2 DHCP192.168.2.3 00:00:5e:00:53:03 user3 DHCP192.168.2.4 NA EXCLUDED unknown
665Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show ppp interface
Syntax show ppp interface interface-name<extensive| terse>
Release Information Command introduced in Junos OS Release 7.5.
Description Display information about PPP interfaces.
Options interface-name—Name of a logical interface.
extensive | terse—(Optional) Display the specified level of output.
Required PrivilegeLevel
view
List of Sample Output show ppp interface on page 674show ppp interface extensive on page 674show ppp interface terse on page 674
Output Fields Table 38onpage666 lists the output fields for the showppp interface command.Output
fields are listed in the approximate order in which they appear.
Table 38: show ppp interface Output Fields
Level ofOutputField DescriptionField Name
All levelsName of the logical interface on which the session is running.Session
All levelsSession type: PPP.Type
All levelsPPP process phase: Authenticate, Pending, Establish, LCP, Network, Disabled, and Tunneled.Phase
All levelsSpecial conditions present in the session: Bundled, TCC, No-keepalives, Looped,Monitored,and NCP-only.
Session flags
Nonespecified
Protocol state information. See specific protocol state fields for information.protocol State
Nonespecified
Challenge-Handshake Authentication Protocol (CHAP) authentication state information orPassword Authentication Protocol (PAP) state information. See the Authentication fielddescription for further information.
AUTHENTICATION
Copyright © 2018, Juniper Networks, Inc.666
Broadband Subscriber ManagementWholesale Feature Guide
Table 38: show ppp interface Output Fields (continued)
Level ofOutputField DescriptionField Name
extensiveKeepalive settings for the PPP sessions on the L2TP network server (LNS). LNS based PPPsessions are supported only on service interfaces (si).
• Interval—Time in seconds between successive keepalive requests.
Keepalive aging timeout is calculated as a product of the interval and Down-count values.If thekeepaliveaging timeout is greater than 180seconds, thekeepalivepacketsarehandledby theRouting Engine. If the aging timeout is less thanor equal to 180 seconds, the packetsare handled by the Packet Forwarding Engine.
• Up-count—The number of keepalive packets a destination must receive to change a link’sstatus from down to up.
• Down-count—The number of keepalive packets a destination must fail to receive beforethe network takes down a link.
Keepalive settings
extensiveIndicates whether the local peer is configured to ignore mismatches between peer magicnumberswhen thenumbers are validatedduringPPPkeepalive (Echo-Request/Echo-Reply)exchanges.
• Enable–Mismatch detection sends failed Echo-Reply packets to the Routing Engine. If avalid magic number is not received within the configurable keepalive interval, PPP treatsthis as a keepalive failure and tears down the PPP sessions.
• Disable–The Packet Forwarding Engine does not perform a validation check for magicnumbers received from remote peers. A mismatch cannot be detected, so receipt of itsownmagic number or an unexpected value does not trigger notification to the RoutingEngine.
Magic-Numbervalidation
extensiveKeepalive statistics for the packets handled by the Routing Engine.
• LCP echo req Tx—LCP echo requests sent from the Routing Engine.
• LCP echo req Rx—LCP echo requests received at the Routing Engine.
• LCP echo rep Tx—LCP echo responses sent from the Routing Engine.
• LCP echo rep Rx—LCP echo responses received at the Routing Engine.
• LCP echo req timeout—Number of keepalive packets where the keepalive aging timer hasexpired.
• LCPRx echo reqMagic NumFailures—LCP echo requests where themagic numbers sharedbetween the PPP peers during LCP negotiation did not match.
• LCPRxechorepMagicNumFailures—LCPecho responseswhere themagicnumbers sharedbetween the PPP peers during LCP negotiation did not match.
RE Keepalivestatistics
667Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 38: show ppp interface Output Fields (continued)
Level ofOutputField DescriptionField Name
extensiveLCP information:
• State—LCP protocol state (all platforms except M120 and M320 routers):
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is not available for traffic.
• Opened—Link is administratively available for traffic.
• Req-sent—An attempt has beenmade to configure the connection.
• State—LCP protocol state (M120 and M320 routers):
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is available (up), but no Open has occurred.
• Closing—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Opened—Link is administratively available for traffic. A Configure-Ack has been bothsent and received.
• Req-sent—Anattempthasbeenmade toconfigure theconnection.AConfigure-Requesthas been sent but a Configure-Ack has not yet been received.
• Starting—AnadministrativeOpenhasbeen initiated, but the lower layer is still unavailable(Down).
• Stopped—The system is waiting for a Down event after the This-Layer-Finished action,or after sending a Terminate-Ack.
• Stopping—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Last started—LCP state start time.
• Last completed—LCP state completion time.
LCP
Copyright © 2018, Juniper Networks, Inc.668
Broadband Subscriber ManagementWholesale Feature Guide
Table 38: show ppp interface Output Fields (continued)
Level ofOutputField DescriptionField Name
• Negotiated options:
• ACFC—Address and-Control Field Compression. A configuration option that provides amethod to negotiate the compression of the Data Link Layer Address and Control fields.
• Asynchronousmap—Asynchronous control character map. A configuration option usedon asynchronous links such as telephone lines to identify control characters that mustbe replaced by a two-character sequence to prevent them from being interpreted byequipment used to establish the link.
• Authenticationprotocol—Protocol used for authentication.Thisoptionprovidesamethodto negotiate the use of a specific protocol for authentication. It requires a peer toauthenticate itself before allowing network-layer protocol packets to be exchanged. Bydefault, authentication is not required.
• Authentication algorithm—Type of authentication algorithm. The Message Digestalgorithm (MD5) is the only algorithm supported.
• Endpoint discriminator class—For multilink PPP (MLPPP), a configuration option thatidentifies the system transmitting the packet. This option advises a system that the peeron this link could be the same as the peer on another existing link.
• Magic number—A configuration option that provides amethod to detect looped-backlinksandother data-link layer anomalies. Bydefault, themagic number is not negotiated.
• MRU—Maximum receive unit. A configuration option thatmay be sent to inform the peerthat the implementation can receive larger packets, or to request that the peer sendsmaller packets. The default value is 1500 octets.
• MRRU—For multilink PPP, the maximum receive reconstructed unit. A configurationoption that specifies the maximum number of octets in the Information fields ofreassembled packets.
• Multilink header suspendable classes—For MLPPP, an LCP option that advises the peerthat the implementation wishes to receive fragments with a format given by the codenumber, with the maximum number of suspendable classes given.
• Multilink header format classes—For MLPPP, an LCP option that advises the peer thatthe implementationwishes to receive fragmentswitha formatgivenby thecodenumber.
• PFC—Protocol-Field-Compression. A configuration option that provides amethod tonegotiate the compression of the PPP Protocol field.
• short sequence—For MLPPP, an option that advises the peer that the implementationwishes to receive fragments with short, 12-bit sequence numbers.
669Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 38: show ppp interface Output Fields (continued)
Level ofOutputField DescriptionField Name
Nonespecified
CHAP or PAP authentication state information. For CHAP authentication:
• Chap-ans-rcvd—Packet was sent from the peer, indicating that the peer received theChap-resp-sent packet.
• Chap-ans-sent—Packet was sent from the authenticator, indicating that the authenticatorreceived the peer's Chap-resp-rcvd packet.
• Chap-chal-rcvd—Challenge packet has been received by the peer.
• Chap-chal-sent—Challenge packet has been sent by the authenticator to begin the CHAPprotocol or has been transmitted at any time during the Network-Layer Protocol (NCP)phase to ensure that the connection has not been altered.
• Chap-resp-rcvd—CHAP response packet has been received by the authenticator.
• Chap-resp-sent—CHAP response packet has been sent to the authenticator.
• Closed—Link is not available for authentication.
• Failure—Authenticator compares the response value in the response packet from the peerwith its own response value, but the value does not match. Authentication fails.
• Success—Authenticator compares the response value in the response packet from thepeer with its own response value, and the value matches. Authentication is successful.
For PAP authentication:
• Pap-resp-sent—PAP response sent to peer (ACK/NACK)t.
• Pap-req-rcvd—PAP request packet received from peer.
• Pap-resp-rcvd—PAP response received from the peer (ACK/NACK).
• Pap-req-sent—PAP request packet sent to the peer.
• Closed—Link is not available for authentication.
• Failure—Authenticator compares the response value in the response packet from the peerwith its own response value, but the value does not match. Authentication fails.
• Success—Authenticator compares the response value in the response packet from thepeer with its own response value, and the value matches. Authentication is successful.
Authentication
Copyright © 2018, Juniper Networks, Inc.670
Broadband Subscriber ManagementWholesale Feature Guide
Table 38: show ppp interface Output Fields (continued)
Level ofOutputField DescriptionField Name
extensiveInternet Protocol Control Protocol (IPCP) information.
• State—(All platforms except M120 and M320 routers) One of the following values:
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is not available for traffic.
• Opened—Link is administratively available for traffic.
• Req-sent—An attempt has beenmade to configure the connection.
• State—(M120 and M320 routers) One of the following values:
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is available (up), but no Open has occurred.
• Closing—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Opened—Link is administratively available for traffic. A Configure-Ack has been bothsent and received.
• Req-sent—Anattempthasbeenmade toconfigure theconnection.AConfigure-Requesthas been sent but a Configure-Ack has not yet been received.
• Starting—AnadministrativeOpenhasbeen initiated, but the lower layer is still unavailable(Down).
• Stopped—The system is waiting for a Down event after the This-Layer-Finished action,or after sending a Terminate-Ack.
• Stopping—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Last started—IPCP state start time.
• Last completed—IPCP state authentication completion time.
• Negotiated options:
• compression protocol—Negotiate the use of a specific compression protocol. By default,compression is not enabled.
• local address—Desired local address of the sender of a Configure-Request. If all fouroctets are set to zero, the peer provides the IP address.
• primaryDNSserver—Negotiatewith the remote peer to select the address of the primaryDNS server to be used on the local end of the link.
• primaryWINSserver—Negotiatewith the remotepeer to select theaddressof theprimaryWINS server to be used on the local end of the link.
• remote address—IP address of the remote end of the link in dotted quad notation.
• secondary DNS server—Negotiate with the remote peer to select the address of thesecondary DNS server to be used on the local end of the link.
• secondaryWINS server—Negotiate with the remote peer to select the address of thesecondaryWINS server to be used on the local end of the link.
• Negotiationmode—PPPNetwork Control Protocol (NCP) negotiationmode configured forIPCP: Active or Passive
IPCP
671Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 38: show ppp interface Output Fields (continued)
Level ofOutputField DescriptionField Name
extensiveInternet Protocol version 6 Control Protocol (IPv6CP) information.
• State—(All platforms except M120 and M320 routers) One of the following values:
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is not available for traffic.
• Opened—Link is administratively available for traffic.
• Req-sent—An attempt has beenmade to configure the connection.
• State—(M120 and M320 routers) One of the following values:
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is available (up), but no Open has occurred.
• Closing—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Opened—Link is administratively available for traffic. A Configure-Ack has been bothsent and received.
• Req-sent—Anattempthasbeenmade toconfigure theconnection.AConfigure-Requesthas been sent but a Configure-Ack has not yet been received.
• Starting—AnadministrativeOpenhasbeen initiated, but the lower layer is still unavailable(Down).
• Stopped—The system is waiting for a Down event after the This-Layer-Finished action,or after sending a Terminate-Ack.
• Stopping—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Last started—IPV6CP state start time.
• Last completed—IPV6CP state authentication completion time.
• Negotiated options:
• local interface identifier—Desired local address of the sender of a Configure-Request. Ifall four octets are set to zero, the peer provides the IP address.
• remote interface identifier—IP address of the remote end of the link in dotted quadnotation.
• Negotiationmode—PPPNetwork Control Protocol (NCP) negotiationmode configured forIPv6CP: Active or Passive
IPV6CP
Copyright © 2018, Juniper Networks, Inc.672
Broadband Subscriber ManagementWholesale Feature Guide
Table 38: show ppp interface Output Fields (continued)
Level ofOutputField DescriptionField Name
extensiveOSI Network Layer Control Protocol (OSINLCP) protocol state information (all platformsexcept M120 and M320 routers):
• State:
• Ack-rcvd—Configure-Request has been sent and Configure-Ack has been received.
• Ack-sent—Configure-RequestandConfigure-Ackhavebothbeensent, butConfigure-Ackhas not yet been received.
• Closed—Link is not available for traffic.
• Opened—Link is administratively available for traffic.
• Req-sent—Attempt has beenmade to configure the connection.
• Last started—OSINLCP state start time.
• Last completed—OSINCLP state completion time.
OSINLCP State
extensivenone
TAGCP information.
• State—(All platforms except M120 and M320 routers) One of the following values:
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is not available for traffic.
• Opened—Link is administratively available for traffic.
• Req-sent—An attempt has beenmade to configure the connection.
• State—(M120 and M320 routers) One of the following values:
• Ack-rcvd—A Configure-Request has been sent and a Configure-Ack has been received.
• Ack-sent—A Configure-Request and a Configure-Ack have both been sent, but aConfigure-Ack has not yet been received.
• Closed—Link is available (up), but no Open has occurred.
• Closing—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Opened—Link is administratively available for traffic. A Configure-Ack has been bothsent and received.
• Req-sent—Anattempthasbeenmade toconfigure theconnection.AConfigure-Requesthas been sent but a Configure-Ack has not yet been received.
• Starting—AnadministrativeOpenhasbeen initiated, but the lower layer is still unavailable(Down).
• Stopped—The system is waiting for a Down event after the This-Layer-Finished action,or after sending a Terminate-Ack.
• Stopping—A Terminate-Request has been sent but a Terminate-Ack has not yet beenreceived.
• Last started—TAGCP state start time.
• Last completed—TAGCP state authentication completion time.
TAGCP
673Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sample Output
show ppp interface
user@host> show ppp interface si-1/3/0.0Session si-1/3/0.0, Type: PPP, Phase: Authenticate Session flags: Monitored LCP State: Opened AUTHENTICATION: CHAP State: Chap-resp-sent, Chap-ans-sent IPCP State: Closed, OSINLCP State: Closed
show ppp interface extensive
user@host> show ppp interface si-0/0/3.0 extensive
Session si-0/0/3.0, Type: PPP, Phase: NetworkKeepalive settings: Interval 30 seconds, Up-count 1, Down-count 3 Magic-Number validation: disableRE Keepalive statistics: LCP echo req Tx : 657 (last sent 00:50:10 ago) LCP echo req Rx : 0 (last seen: never) LCP echo rep Tx : 0 LCP echo rep Rx : 657 LCP echo req timout : 0 LCP Rx echo req Magic Num Failures : 0 LCP Rx echo rep Magic Num Failures : 0LCP State: Opened Last started: 2007-01-29 10:43:50 PST Last completed: 2007-01-29 10:43:50 PST Negotiated options: Authentication protocol: PAP, Magic number: 2341124815, MRU: 4470Authentication: PAP State: Success Last started: 2007-01-29 10:43:50 PST Last completed: 2007-01-29 10:43:50 PSTIPCP State: Opened Last started: 2007-01-29 10:43:50 PST Last completed: 2007-01-29 10:43:50 PST Negotiated options: Local address: 203.0.113.21, Remote address: 203.0.113.22 Negotiation mode: ActiveIPV6CP State: Opened Last started: 2007-01-29 10:43:50 PST Last completed: 2007-01-29 10:43:50 PST Negotiated options: Local interface identifier: 2a0:a522:64:d319, Remote interface identifier: 0:0:0:c Negotiation mode: Passive
show ppp interface terse
user@host> show ppp interface si-1/3/0 terseSession name Session type Session phase Session flagssi-1/3/0.0 PPP Authenticate Monitored
Copyright © 2018, Juniper Networks, Inc.674
Broadband Subscriber ManagementWholesale Feature Guide
show subscribers
Syntax show subscribers<detail | extensive | terse><aci-interface-set-name aci-interface-set-name><address address><agent-circuit-identifier agent-circuit-identifier-substring><client-type client-type><count><id session-id <accounting-statistics>><interface interface <accounting-statistics>><logical-system logical-system><mac-addressmac-address><physical-interface physical-interface-name><profile-name profile-name><routing-instance routing-instance><stacked-vlan-id stacked-vlan-id><subscriber-state subscriber-state><user-name user-name><vci vci-identifier><vpi vpi-identifier><vlan-id vlan-id>
Release Information Command introduced in Junos OS Release 9.3.
Command introduced in Junos OS Release 9.3 for EX Series switches.
client-type,mac-address, subscriber-state, and extensive options introduced in JunosOS
Release 10.2.
count option usage with other options introduced in Junos OS Release 10.2.
Command introduced in Junos OS Release 11.1 for the QFX Series.
Optionsaci-interface-set-nameandagent-circuit-identifier introduced in JunosOSRelease
12.2.
The physical-interface and user-name options introduced in Junos OS Release 12.3.
Options vci and vpi introduced in Junos OS Release 12.3R3 and supported in later 12.3Rx
releases.
Options vciand vpi supported in JunosOSRelease 13.2 and later releases. (Not supported
in Junos OS Release 13.1.)
Command introduced in Junos OS Release 14.1X53-D20 for the OCX Series.
Enhanced subscriber management supported in Junos OS Release 15.1R3 for the MX
Series.
accounting-statistics option added in Junos OS Release 15.1R3 and 17.4R1 for MX Series.
Description Display information for active subscribers.
Options detail | extensive | terse—(Optional) Display the specified level of output.
aci-interface-set-name—(Optional) Display all dynamic subscriber sessions that usethe specified agent circuit identifier (ACI) interface set. Use the ACI interface set
name generated by the router, such as aci-1003-ge-1/0/0.4001, and not the actual
ACI value found in the DHCP or PPPoE control packets.
675Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
address—(Optional)Displaysubscriberswhose IPaddressmatches thespecifiedaddress.Youmust specify the IPv4 or IPv6 address prefix without a netmask (for example,
192.0.2.0). If you specify the IP address as a prefix with a netmask (for example,
192.0.2.0/32), the router displaysamessage that the IPaddress is invalid, and rejects
the command.
agent-circuit-identifier-substring—(Optional) Display all dynamic subscriber sessionswhose ACI value matches the specified substring.
client-type—(Optional) Display subscribers whose client typematches one of thefollowing client types:
• dhcp—DHCP clients only.
• dotlx—Dotlx clients only.
• essm—ESSM clients only.
• fwauth—FwAuth (authenticated across a firewall) clients only.
• l2tp—L2TP clients only.
• mlppp—MLPPP clients only.
• ppp—PPP clients only.
• pppoe—PPPoE clients only.
• static—Static clients only.
• vlan—VLAN clients only.
• vlan-oob—VLAN out-of-band (ANCP-triggered) clients only.
• vpls-pw—VPLS pseudowire clients only.
• xauth—Xauth clients only.
count—(Optional) Display the count of total subscribers and active subscribers for anyspecified option. You can use the count option alone orwith the address, client-type,
interface, logical-system,mac-address,profile-name, routing-instance,stacked-vlan-id,
subscriber-state, or vlan-id options.
id session-id—(Optional)Displaya specific subscriber sessionwhose session IDmatchesthe specified subscriber ID. You can display subscriber IDs by using the show
subscribers extensive or the show subscribers interface extensive commands.
id session-id accounting-statistics—(Optional) Display accurate subscriber accountingstatistics for a subscriber session with the specified ID. Requires the
actual-transmit-statistics statement to be configured in the dynamic profile for the
dynamic logical interface.
interface—(Optional)Displaysubscriberswhose interfacematches thespecified interface.
Copyright © 2018, Juniper Networks, Inc.676
Broadband Subscriber ManagementWholesale Feature Guide
interface accounting-statistics—(Optional) Display subscriber accounting statistics forthe specified interface. Requires the actual-transmit-statistics statement to be
configured in the dynamic profile for the dynamic logical interface.
logical-system—(Optional) Display subscribers whose logical systemmatches the
specified logical system.
mac-address—(Optional)Display subscriberswhoseMACaddressmatches thespecifiedMAC address.
physical-interface-name—(M120, M320, andMX Series routers only) (Optional) Displaysubscribers whose physical interface matches the specified physical interface.
profile-name—(Optional) Display subscribers whose dynamic profile matches thespecified profile name.
routing-instance—(Optional) Display subscribers whose routing instancematches thespecified routing instance.
stacked-vlan-id—(Optional) Display subscribers whose stacked VLAN IDmatches thespecified stacked VLAN ID.
subscriber-state—(Optional) Display subscribers whose subscriber state matches thespecified subscriber state (ACTIVE, CONFIGURED, INIT, TERMINATED, or
TERMINATING).
user-name—(M120, M320, and MX Series routers only) (Optional) Display subscriberswhose usernamematches the specified subscriber name.
vci-identifier—(MX Series routers with MPCs and ATMMICs with SFP only) (Optional)
Display active ATM subscribers whose ATM virtual circuit identifier (VCI) matches
the specified VCI identifier. The range of values is 0 through 255.
vpi-identifier—(MX Series routers with MPCs and ATMMICs with SFP only) (Optional)
Display active ATM subscribers whose ATM virtual path identifier (VPI)matches the
specified VPI identifier. The range of values is 0 through 65,535.
vlan-id—(Optional) Display subscribers whose VLAN IDmatches the specified VLAN ID,regardless of whether the subscriber uses a single-tagged or double-tagged VLAN.
For subscribers using a double-tagged VLAN, this option displays subscribers where
the innerVLANtagmatches the specifiedVLAN ID.Todisplayonly subscriberswhere
the specified value matches only double-tagged VLANs, use the stacked-vlan-id
stacked-vlan-id option to match the outer VLAN tag.
NOTE: Because of display limitations, logical system and routing instanceoutput values are truncated when necessary.
Required PrivilegeLevel
view
677Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
RelatedDocumentation
show subscribers summary on page 705•
• Verifying and Managing Agent Circuit Identifier-Based Dynamic VLAN Configuration
• Verifying and Managing Configurations for Dynamic VLANs Based on Access-Line
Identifiers
• Verifying and Managing Junos OS Enhanced Subscriber Management
List of Sample Output show subscribers (IPv4) on page 685show subscribers (IPv6) on page 685show subscribers (IPv4 and IPv6 Dual Stack) on page 685show subscribers (Single Session DHCPDual Stack) on page 685show subscribers (Single Session DHCPDual Stack detail) on page 686show subscribers (LNS onMX Series Routers) on page 686show subscribers (L2TP Switched Tunnels) on page 686show subscribers client-type dhcp detail on page 686show subscribers client-type dhcp extensive on page 687show subscribers client-type vlan-oob detail on page 687show subscribers count on page 688show subscribers address detail (IPv6) on page 688show subscribers detail (IPv4) on page 688show subscribers detail (IPv6) on page 689show subscribers detail (pseudowire Interface for GRE Tunnel) on page 689show subscribers detail (IPv6 Static Demux Interface) on page 689show subscribers detail (L2TP LNS Subscribers onMX Series Routers) on page 690show subscribers detail (L2TP Switched Tunnels) on page 690show subscribers detail (Tunneled Subscriber) on page 690show subscribers detail (IPv4 and IPv6 Dual Stack) on page 691show subscribers detail (ACI Interface Set Session) on page 691showsubscribersdetail (PPPoESubscriberSessionwithACI InterfaceSet)onpage692show subscribers extensive on page 692showsubscribersextensive(PassiveOpticalNetworkCircuit InterfaceSet)onpage693show subscribers extensive (DNS Addresses fromAccess Profile or GlobalConfiguration) on page 693show subscribers extensive (DNS Addresses fromRADIUS) on page 693show subscribers extensive (IPv4 DNS Addresses fromRADIUS, IPv6 fromAccessProfile or Global Configuration) on page 694show subscribers extensive (RPF Check Fail Filter) on page 694showsubscribersextensive(L2TPLNSSubscribersonMXSeriesRouters)onpage695show subscribers extensive (IPv4 and IPv6 Dual Stack) on page 695show subscribers extensive (ADF Rules ) on page 696show subscribers extensive (Effective Shaping-Rate) on page 696show subscribers extensive (PPPoE Subscriber Access Line Rates on page 697show subscribers extensive (Subscriber Session Using PCEF Profile) on page 698showsubscribersaci-interface-set-namedetail (SubscriberSessionsUsingSpecifiedACI Interface Set) on page 699show subscribers agent-circuit-identifier detail (Subscriber Sessions Using SpecifiedACI Substring) on page 699
Copyright © 2018, Juniper Networks, Inc.678
Broadband Subscriber ManagementWholesale Feature Guide
show subscribers id accounting-statistics on page 700show subscribers interface accounting-statistics on page 700show subscribers interface extensive on page 701show subscribers logical-system terse on page 702show subscribers physical-interface count on page 702show subscribers routing-instance inst1 count on page 702show subscribers stacked-vlan-id detail on page 702show subscribers stacked-vlan-id vlan-id detail (Combined Output) on page 702show subscribers stacked-vlan-id vlan-id interface detail (Combined Output for aSpecific Interface) on page 702show subscribers user-name detail on page 702show subscribers vlan-id on page 703show subscribers vlan-id detail on page 703showsubscribersvpivci extensive(PPPoE-over-ATMSubscriberSession)onpage703show subscribers address detail (Enhanced Subscriber Management) on page 704
Output Fields Table 39 on page 679 lists the output fields for the show subscribers command. Output
fields are listed in the approximate order in which they appear.
Table 39: show subscribers Output Fields
Field DescriptionField Name
Interface associated with the subscriber. The router or switch displays subscribers whose interfacematches or begins with the specified interface.
The * character indicates a continuation of addresses for the same session.
Interface
Subscriber IP address or VLAN ID associated with the subscriber in the form tpid.vlan-id
No IPaddressorVLAN ID isassigned toanL2TPtunnel-switchedsession. For thesesubscriber sessionsthe value is Tunnel-switched.
IP Address/VLAN ID
Name of subscriber.User Name
Logical system and routing instance associated with the subscriber.LS:RI
Subscriber client type (DHCP, GRE, L2TP, PPP, PPPoE, STATIC-INTERFACE, VLAN).Type
Subscriber IPv4 address.IP Address
Subscriber IP netmask.
(MXSeries)This fielddisplays255.255.255.255bydefault. For tunneledor terminatedPPPsubscribersonly, this field displays the actual value of Framed-IP-Netmask when the SDB_FRAMED_PROTOCOLattribute in the session database is equal to AUTHD_FRAMED_PROTOCOL_PPP. This occurs in theuse case where the LNS generates access-internal routes when it receives Framed-IP-Netmask fromRADIUS during authorization. When it receives Framed-Pool from RADIUS, the pool mask is ignoredand the default /32 mask is used.
IP Netmask
IP address of primary DNS server.
This field is displayed with the extensive option only when the address is provided by RADIUS.
Primary DNS Address
679Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 39: show subscribers Output Fields (continued)
Field DescriptionField Name
IP address of secondary DNS server.
This field is displayed with the extensive option only when the address is provided by RADIUS.
SecondaryDNSAddress
IPv6 address of primary DNS server.
This field is displayed with the extensive option only when the address is provided by RADIUS.
IPv6 Primary DNSAddress
IPv6 address of secondary DNS server.
This field is displayed with the extensive option only when the address is provided by RADIUS.
IPv6 Secondary DNSAddress
IP addresses for the DNS server, displayed in order of configuration.
This field is displayed with the extensive option only when the addresses are derived from the accessprofile or the global access configuration.
Domain name serverinet
IPv6 addresses for the DNS server, displayed in order of configuration.
This field is displayed with the extensive option only when the addresses are derived from the accessprofile or the global access configuration.
Domain name serverinet6
IP address of primaryWINS server.PrimaryWINS Address
IP address of secondaryWINS server.SecondaryWINSAddress
Subscriber IPv6 address, or multiple addresses.IPv6 Address
Subscriber IPv6 prefix. If you are using DHCPv6 prefix delegation, this is the delegated prefix.IPv6 Prefix
IPv6 prefix obtained through ND/RA.IPv6 User Prefix
Subscriber IPv6 address pool. The IPv6 address pool is used to allocate IPv6 prefixes to the DHCPv6clients.
IPv6 Address Pool
Length of the network portion of the IPv6 address.IPv6 Network PrefixLength
Length of the subscriber IPv6 prefix.IPv6 Prefix Length
Logical system associated with the subscriber.Logical System
Routing instance associated with the subscriber.Routing Instance
(Enhanced subscriber management for MX Series routers) Name of the enhanced subscribermanagement logical interface, in the form demux0.nnnn (for example, demux0.3221225472), towhichaccess-internal and framed subscriber routes are mapped.
Interface
Whether the subscriber interface is Static or Dynamic.Interface Type
Copyright © 2018, Juniper Networks, Inc.680
Broadband Subscriber ManagementWholesale Feature Guide
Table 39: show subscribers Output Fields (continued)
Field DescriptionField Name
Internally generated name of the dynamic ACI or ALI interface set used by the subscriber session. Theprefix of the name indicates the string received in DHCP or PPPoE control packets on which theinterface set is based. For ALI interface sets, the prefix indicates that the value is configured as atrusted option to identify the subscriber line.
The name of the interface set uses one of the following prefixes:
• aci—ACI; for example, aci-1033-demux0.3221225524.This is theonlyprefix allowed forACI interfacesets.
• ari—ARI; for example, ari-1033-demux0.3221225524.
• aci+ari—Both the ACI and ARI; for example, aci+ari-1033-demux0.3221225524.
• noids—Neither the ACI nor the ARI were received; for example, noids-1033-demux0.3221225524.
NOTE: ACI interface sets are configured with the agent-circuit-identifier autoconfiguration stanza.ALI interface sets are configured with the line-identity autoconfiguration stanza.
Besides dynamic ACI and ALI interface sets, this field can be an interface set based on a substring ofthe ARI string. This occurs when the dynamic profile includes the predefined variable$junos-pon-id-interface-set-name, and the profile is applied for a passive optical network (PON).The ARI string is inserted by the optical line terminal (OLT). The final substring in the string, uniquefor the PON, identifies individual subscriber circuits, and is used as the name of the interface set.
Interface Set
Interface type of the ACI interface set: Dynamic. This is the only ACI interface set type currentlysupported.
Interface Set Type
Identifier of the dynamic ACI interface set entry in the session database.Interface Set Session ID
Name of the underlying interface for the subscriber session.Underlying Interface
Dynamic profile used for the subscriber.Dynamic Profile Name
Version number of the dynamic profile used for the subscriber.DynamicProfile Version
MAC address associated with the subscriber.MACAddress
Current state of the subscriber session (Init, Configured, Active, Terminating, Tunneled).State
Current state of the L2TP session, Tunneled or Tunnel-switched. When the value is Tunnel-switched,two entries are displayed for the subscriber; the first entry is at the LNS interface on the LTS and thesecond entry is at the LAC interface on the LTS.
L2TP State
Name of the L2TP tunnel switch profile that initiates tunnel switching.Tunnel switch ProfileName
IP address of the local gateway (LAC).Local IP Address
IP address of the remote peer (LNS).Remote IP Address
VLAN ID associated with the subscriber in the form tpid.vlan-id.VLAN Id
681Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 39: show subscribers Output Fields (continued)
Field DescriptionField Name
Stacked VLAN ID associated with the subscriber in the form tpid.vlan-id.Stacked VLAN Id
RADIUS accounting ID associated with the subscriber.RADIUS Accounting ID
For the dhcp client type, option 82 agent circuit ID associated with the subscriber. The ID is displayedas an ASCII string unless the value has nonprintable characters, in which case it is displayed inhexadecimal format.
For the vlan-oob client type, the agent circuit ID or access-loop circuit identifier that identifies thesubscriber line based on the subscriber-facing DSLAM interface on which the subscriber requestoriginates.
Agent Circuit ID
For the dhcp client type, option 82 agent remote ID associatedwith the subscriber. The ID is displayedas an ASCII string unless the value has nonprintable characters, in which case it is displayed inhexadecimal format.
For the vlan-oob client type, the agent remote ID or access-loop remote identifier that identifies thesubscriber line based on the NAS-facing DSLAM interface onwhich the subscriber request originates.
Agent Remote ID
Actual transmitted subscriber accounting statistics by session ID or interface. Service accountingstatistics are not included. These statistics do not include overhead bytes or dropped packets; theyare the accurate statistics used by RADIUS. The statistics are counted when theactual-transmit-statistics statement is included in the dynamic profile.
Accounting Statistics
IP address used by the DHCP relay agent.DHCP Relay IP Address
(MX Series routers with MPCs and ATMMICs with SFP only) ATM virtual path identifier (VPI) on thesubscriber’s physical interface.
ATMVPI
(MX Series routers with MPCs and ATMMICs with SFP only) ATM virtual circuit identifier (VCI) foreach VPI configured on the subscriber interface.
ATMVCI
Date and time at which the subscriber logged in.Login Time
len = number of hex values in the message. The hex values specify the type, length, value (TLV) forDHCPv6 options.
DHCPV6Options
len = number of hex values in the message. The hex values specify the type, length, value (TLV) forDHCP options.
Server DHCPOptions
len = number of hex values in the message. The hex values specify the type, length, value (TLV) forDHCPv6 options.
ServerDHCPV6Options
len = number of hex values in the message. The hex values specify the type, length, value (TLV) forDHCPv6 options.
DHCPV6Header
Actual downstream traffic shaping rate for the subscriber, in kilobits per second.Effective shaping-rate
Input service set in access dynamic profile.IPv4 Input Service Set
Copyright © 2018, Juniper Networks, Inc.682
Broadband Subscriber ManagementWholesale Feature Guide
Table 39: show subscribers Output Fields (continued)
Field DescriptionField Name
Output service set in access dynamic profile.IPv4OutputServiceSet
PCEF profile in access dynamic profile.PCEF Profile
PCC rule or rulebase used in dynamic profile.PCEF Rule/Rulebase
Values for variables that are passed into the dynamic profile from RADIUS.Dynamic configuration
Time at which the first family in this service became active.Service activation time
Name of the filter applied by the dynamic profile to IPv4 packets that fail the RPF check.IPv4 rpf-checkFail FilterName
Name of the filter applied by the dynamic profile to IPv6 packets that fail the RPF check.IPv6 rpf-checkFail FilterName
len = number of hex values in the message. The hex values specify the type, length, value (TLV) forDHCP options, as defined in RFC 2132.
DHCPOptions
ID number for a subscriber session.Session ID
ForDHCPv6subscribersonaPPPoEnetwork, displays thesession IDof theunderlyingPPPoE interface.Underlying Session ID
Number of service sessions (that is, a service activated using RADIUS CoA) associated with thesubscribers.
Service Sessions
ID number for a subscriber service session.Service Session ID
Service session profile name.Service Session Name
Numberof secondsofaccessprovided to thesubscriberbefore thesession isautomatically terminated.Session Timeout(seconds)
Number of seconds subscriber can be idle before the session is automatically terminated.Idle Timeout (seconds)
Name of the pool used for DHCPv6 prefix delegation.IPv6DelegatedAddressPool
Length of the prefix configured for the IPv6 delegated address pool.IPv6DelegatedNetworkPrefix Length
Address assigned by the Framed-Ipv6-Prefix AAA attribute. This field is displayed only when thepredefined variable $junos-ipv6-address is used in the dynamic profile.
IPv6 Interface Address
Interface ID assigned by the Framed-Interface-Id AAA attribute.IPv6 Framed InterfaceId
683Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 39: show subscribers Output Fields (continued)
Field DescriptionField Name
Name assigned to the Ascend-Data-Filter (ADF) interface IPv4 input filter (client or service session).The filter name is followed by the rules (in hexadecimal format) associated with the ADF filter andthe decoded rule in Junos OS filter style.
ADF IPv4 Input FilterName
Nameassigned to theAscend-Data-Filter (ADF) interface IPv4output filter (client or service session).The filter name is followed by the rules (in hexadecimal format) associated with the ADF filter andthe decoded rule in Junos OS filter style.
ADF IPv4 Output FilterName
Name assigned to the Ascend-Data-Filter (ADF) interface IPv6 input filter (client or service session).The filter name is followed by the rules (in hexadecimal format) associated with the ADF filter andthe decoded rule in Junos OS filter style.
ADF IPv6 Input FilterName
Nameassigned to theAscend-Data-Filter (ADF) interface IPv6output filter (client or service session).The filter name is followed by the rules (in hexadecimal format) associated with the ADF filter andthe decoded rule in Junos OS filter style.
ADF IPv6 Output FilterName
Name assigned to the IPv4 input filter (client or service session).IPv4 Input Filter Name
Name assigned to the IPv4 output filter (client or service session).IPv4OutputFilterName
Name assigned to the IPv6 input filter (client or service session).IPv6 Input Filter Name
Name assigned to the IPv6 output filter (client or service session).IPv6OutputFilterName
Name assigned to the logical interface input filter (client or service session).IFL Input Filter Name
Name assigned to the logical interface output filter (client or service session).IFL Output Filter Name
PPPoE subscriber’s access line type reported by the PPPoE intermediate agent in a PADI or PADOpacket in the Vendor-Specific-Tags TLV in subattribute DSL-Type (0x0091). The DSL type is one ofthe following types: ADSL, ADSL2, ADSL2+,OTHER, SDSL, VDSL, or VDSL2.
DSL type
Mode type of the PPPoE subscriber’s access line determined by the PPPoE daemon based on thereceived subattribute DSL-Type (0x0091):
• Cell—When the DSL line type is one of the following: ADSL, ADSL2, or ADSL2+.
• Frame—When the DSL line type is one of the following: OTHER, SDSL, VDSL, or VDSL2.
The value is stored in the subscriber session database.
Frame/Cell Mode
Number of bytes added to or subtracted from the actual downstream cell or frame overhead toaccount for the technology overhead of the DSL line type. The value is determined by the PPPoEdaemonbased on the received subattributeDSL-Type (0x0091). The value is stored in the subscribersession database.
Overhead accountingbytes
Unadjusted upstream data rate for the PPPoE subscriber’s access line reported by the PPPoEintermediate agent in a PADI or PADO packet in the Vendor-Specific-Tags TLV in subattributeActual-Net-Data-Rate-Upstream (0x0081).
Actual upstream datarate
Copyright © 2018, Juniper Networks, Inc.684
Broadband Subscriber ManagementWholesale Feature Guide
Table 39: show subscribers Output Fields (continued)
Field DescriptionField Name
Unadjusted downstream data rate for the PPPoE subscriber’s access line reported by the PPPoEintermediate agent in a PADI or PADO packet in the Vendor-Specific-Tags TLV in subattributeActual-Net-Data-Rate-Downstream (0x0082).
Actual downstreamdata rate
Adjusted downstream data rate for the PPPoE subscriber’s access line, calculated by the PPPoEdaemon and stored in the subscriber session database.
Adjusted downstreamdata rate
Adjustedupstreamdata rate for thePPPoE subscriber’s access line, calculatedby thePPPoEdaemonand stored in the subscriber session database.
Adjustedupstreamdatarate
Sample Output
show subscribers (IPv4)
user@host> show subscribersInterface IP Address/VLAN ID User Name LS:RIge-1/3/0.1073741824 10 default:defaultdemux0.1073741824 203.0.113.10 WHOLESALER-CLIENT default:defaultdemux0.1073741825 203.0.113.3 RETAILER1-CLIENT test1:retailer1demux0.1073741826 203.0.113.3 RETAILER2-CLIENT test1:retailer2
show subscribers (IPv6)
user@host> show subscribersInterface IP Address/VLAN ID User Name LS:RIge-1/0/0.0 2001:db8:c0:0:0:0/74 WHOLESALER-CLIENT default:default * 2001:db8:1/128 subscriber-25 default:default
show subscribers (IPv4 and IPv6 Dual Stack)
user@host> show subscribersInterface IP Address/VLAN ID User Name LS:RIdemux0.1073741834 0x8100.1002 0x8100.1 default:defaultdemux0.1073741835 0x8100.1001 0x8100.1 default:defaultpp0.1073741836 203.0.113.13 [email protected] default:ASP-1* 2001:db8:1::/48* 2001:db8:1:1::/64pp0.1073741837 203.0.113.33 [email protected] default:ASP-1* 2001:db8:1:2:5::/64
show subscribers (Single Session DHCPDual Stack)
user@host> show subscribers
Interface IP Address/VLAN ID User Name LS:RIdemux0.1073741364 192.168.10.10 dual-stack-retail35 default:default
685Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
2001:db8::100:0:0:0/74 default:default 2001:db8:3ffe:0:4::/64
show subscribers (Single Session DHCPDual Stack detail)
user@host> show subscribers id 27 detailType: DHCPUser Name: dual-stack-retail33IP Address: 10.10.0.53IPv6 Address: 2001:db8:3000:0:0:8003::2IPv6 Prefix: 2001:db8:3ffe:0:4::/64Logical System: defaultRouting Instance: defaultInterface: ae0.3221225472Interface type: StaticUnderlying Interface: ae0.3221225472Dynamic Profile Name: dhcp-retail-18MAC Address: 00:00:5E:00:53:02State: ActiveDHCP Relay IP Address: 10.10.0.1Radius Accounting ID: 27Session ID: 27PFE Flow ID: 2Stacked VLAN Id: 2000VLAN Id: 1Login Time: 2014-05-15 10:12:10 PDTDHCP Options: len 6000 08 00 02 00 00 00 01 00 0a 00 03 00 01 00 00 64 01 01 0200 06 00 04 00 03 00 19 00 03 00 0c 00 00 00 00 00 00 00 0000 00 00 00 00 19 00 0c 00 00 00 00 00 00 00 00 00 00 00 00
show subscribers (LNS onMX Series Routers)
user@host> show subscribersInterface IP Address/VLAN ID User Name LS:RIsi-4/0/0.1 192.0.2.0 [email protected] default:default
show subscribers (L2TP Switched Tunnels)
user@host> show subscribersInterface IP Address/VLAN ID User Name LS:RIsi-2/1/0.1073741842 Tunnel-switched [email protected] default:default
si-2/1/0.1073741843 Tunnel-switched [email protected] default:default
show subscribers client-type dhcp detail
user@host> show subscribers client-type dhcp detailType: DHCPIP Address: 203.0.113.29IP Netmask: 255.255.0.0Logical System: defaultRouting Instance: defaultInterface: demux0.1073744127Interface type: DynamicDynamic Profile Name: dhcp-demuxMAC Address: 00:00:5e:00:53:98State: Active
Copyright © 2018, Juniper Networks, Inc.686
Broadband Subscriber ManagementWholesale Feature Guide
Radius Accounting ID: user :2304Login Time: 2009-08-25 14:43:52 PDT
Type: DHCPIP Address: 203.0.113.27IP Netmask: 255.255.0.0Logical System: defaultRouting Instance: defaultInterface: demux0.1073744383Interface type: DynamicDynamic Profile Name: dhcp-demux-profMAC Address: 00:00:5e:00:53:f3State: ActiveRadius Accounting ID: 1234 :2560Login Time: 2009-08-25 14:43:56 PDT
show subscribers client-type dhcp extensive
user@host> show subscribers client-type dhcp extensiveType: DHCPUser Name: userIP Address: 30.11.1.4IP Netmask: 255.0.0.0IPv6 Address: 7001:2:3::103IPv6 Prefix: 7001::/68Domain name server inet6: abcd::1 abcd::2 Logical System: defaultRouting Instance: defaultInterface: ge-0/0/0.0Interface type: StaticUnderlying Interface: ge-0/0/0.0MAC Address: 00:10:94:00:00:01State: ConfiguredRadius Accounting ID: 10Session ID: 10PFE Flow ID: 2VLAN Id: 100Agent Circuit ID: ge-0/0/0:100Agent Remote ID: ge-0/0/0:100Login Time: 2017-05-23 12:52:22 ISTDHCPV6 Options: len 6900 01 00 0e 00 01 00 01 59 23 e3 31 00 10 94 00 00 01 00 0800 02 00 00 00 19 00 29 00 00 00 00 00 04 9d 40 00 07 62 0000 1a 00 19 00 09 3a 80 00 27 8d 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00Server DHCP Options: len 133a 04 00 00 00 ff 00 3b 04 00 00 0f 00Server DHCPV6 Options: len 800 0a 00 04 ab cd ef abDHCPV6 Header: len 401 00 00 04IP Address Pool: al_pool30IPv6 Address Pool: ia_na_poolIPv6 Delegated Address Pool: prefix_delegate_pool
show subscribers client-type vlan-oob detail
user@host> show subscribers client-type vlan-oob detailType: VLAN-OOBUser Name: L2WS.line-aci-1.line-ari-1
687Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Logical System: defaultRouting Instance: ISP1Interface: demux0.1073744127Interface type: DynamicUnderlying Interface: ge-1/0/0Dynamic Profile Name: Prof_L2WSDynamic Profile Version: 1State: ActiveRadius Accounting ID: 1234Session ID: 77VLAN Id: 126Core-Facing Interface: ge-2/1/1VLAN Map Id: 6Inner VLAN Map Id: 2001Agent Circuit ID: line-aci-1Agent Remote ID: line-ari-1Login Time: 2013-10-29 14:43:52 EDT
show subscribers count
user@host> show subscribers countTotal Subscribers: 188, Active Subscribers: 188
show subscribers address detail (IPv6)
user@host> show subscribers address 203.0.113.137 detailType: PPPoEUser Name: pppoeTerV6User1SvcIP Address: 203.0.113.137IP Netmask: 255.0.0.0IPv6 User Prefix: 2001:db8:0:c88::/32Logical System: defaultRouting Instance: defaultInterface: pp0.1073745151Interface type: DynamicUnderlying Interface: demux0.8201Dynamic Profile Name: pppoe-client-profileMAC Address: 00:00:5e:00:53:53Session Timeout (seconds): 31622400Idle Timeout (seconds): 86400State: ActiveRadius Accounting ID: example demux0.8201:6544Session ID: 6544Agent Circuit ID: ifl3720Agent Remote ID: ifl3720Login Time: 2012-05-21 13:37:27 PDTService Sessions: 1
show subscribers detail (IPv4)
user@host> show subscribers detailType: DHCPIP Address: 203.0.113.29IP Netmask: 255.255.0.0Primary DNS Address: 192.0.2.0Secondary DNS Address: 192.0.2.1Primary WINS Address: 192.0.2.3Secondary WINS Address: 192.0.2.4Logical System: defaultRouting Instance: default
Copyright © 2018, Juniper Networks, Inc.688
Broadband Subscriber ManagementWholesale Feature Guide
Interface: demux0.1073744127Interface type: DynamicDynamic Profile Name: dhcp-demux-profMAC Address: 00:00:5e:00:53:98State: ActiveRadius Accounting ID: example :2304Idle Timeout (seconds): 600Login Time: 2009-08-25 14:43:52 PDTDHCP Options: len 5235 01 01 39 02 02 40 3d 07 01 00 10 94 00 00 08 33 04 00 0000 3c 0c 15 63 6c 69 65 6e 74 5f 50 6f 72 74 20 2f 2f 36 2f33 2d 37 2d 30 37 05 01 06 0f 21 2cService Sessions: 2
show subscribers detail (IPv6)
user@host> show subscribers detailType: DHCPUser Name: pd-user1IPv6 Prefix: 2001:db8:ffff:1::/32Logical System: defaultRouting Instance: defaultInterface: ge-3/1/3.2Interface type: StaticMAC Address: 00:00:5e:00:53:03State: ActiveRadius Accounting ID: 1Session ID: 1Login Time: 2011-08-25 12:12:26 PDTDHCP Options: len 4200 08 00 02 00 00 00 01 00 0a 00 03 00 01 00 51 ff ff 00 0300 06 00 02 00 19 00 19 00 0c 00 00 00 00 00 00 00 00 00 0000 00
show subscribers detail (pseudowire Interface for GRE Tunnel)
user@host> show subscribers detailInterface IP Address/VLAN ID User Name LS:RIps0.3221225484 30.1.0.2ps0.3221225485 30.1.0.3demux0.3221225486 1 default:default
demux0.3221225487 1 default:default
demux0.3221225488 100.16.0.1 default:default
demux0.3221225489 100.16.0.2 default:default
show subscribers detail (IPv6 Static Demux Interface)
user@host> show subscribers detailType: STATIC-INTERFACEUser Name: [email protected] Prefix: 2001:db8:3:4:5:6:7:aa/32Logical System: defaultRouting Instance: defaultInterface: demux0.1Interface type: StaticDynamic Profile Name: junos-default-profile
689Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
State: ActiveRadius Accounting ID: 185Login Time: 2010-05-18 14:33:56 EDT
show subscribers detail (L2TP LNS Subscribers onMX Series Routers)
user@host> show subscribers detailType: L2TPUser Name: [email protected] Address: 203.0.113.58IP Netmask: 255.255.0.0Logical System: defaultRouting Instance: defaultInterface: si-5/2/0.1073749824Interface type: DynamicDynamic Profile Name: dyn-lns-profile2Dynamic Profile Version: 1State: ActiveRadius Accounting ID: 8001Session ID: 8001Login Time: 2011-04-25 20:27:50 IST
show subscribers detail (L2TP Switched Tunnels)
user@host> show subscribers detailType: L2TPUser Name: [email protected] System: defaultRouting Instance: defaultInterface: si-2/1/0.1073741842Interface type: DynamicDynamic Profile Name: dyn-lts-profileState: ActiveL2TP State: Tunnel-switchedTunnel switch Profile Name: ce-lts-profileLocal IP Address: 203.0.113.51Remote IP Address: 192.0.2.0Radius Accounting ID: 21Session ID: 21Login Time: 2013-01-18 03:01:11 PST
Type: L2TPUser Name: [email protected] System: defaultRouting Instance: defaultInterface: si-2/1/0.1073741843Interface type: DynamicDynamic Profile Name: dyn-lts-profileState: ActiveL2TP State: Tunnel-switchedTunnel switch Profile Name: ce-lts-profileLocal IP Address: 203.0.113.31Remote IP Address: 192.0.2.1Session ID: 22Login Time: 2013-01-18 03:01:14 PST
show subscribers detail (Tunneled Subscriber)
user@host> show subscribers detail
Copyright © 2018, Juniper Networks, Inc.690
Broadband Subscriber ManagementWholesale Feature Guide
Type: PPPoEUser Name: [email protected] System: defaultRouting Instance: defaultInterface: pp0.1State: Active, TunneledRadius Accounting ID: 512
show subscribers detail (IPv4 and IPv6 Dual Stack)
user@host> show subscribers detailType: VLANLogical System: defaultRouting Instance: defaultInterface: demux0.1073741824Interface type: DynamicDynamic Profile Name: svlanProfileState: ActiveSession ID: 1Stacked VLAN Id: 0x8100.1001VLAN Id: 0x8100.1Login Time: 2011-11-30 00:18:04 PST
Type: PPPoEUser Name: [email protected] Address: 203.0.113.13IPv6 Prefix: 2001:db8:1::/32IPv6 User Prefix: 2001:db8:1:1::/32Logical System: defaultRouting Instance: ASP-1Interface: pp0.1073741825Interface type: DynamicDynamic Profile Name: dualStack-Profile1MAC Address: 00:00:5e:00:53:02State: ActiveRadius Accounting ID: 2Session ID: 2Login Time: 2011-11-30 00:18:05 PST
Type: DHCPIPv6 Prefix: 2001:db8:1::/32Logical System: defaultRouting Instance: ASP-1Interface: pp0.1073741825Interface type: StaticMAC Address: 00:00:5e:00:53:02State: ActiveRadius Accounting ID: test :3Session ID: 3Underlying Session ID: 2Login Time: 2011-11-30 00:18:35 PSTDHCP Options: len 4200 08 00 02 0b b8 00 01 00 0a 00 03 00 01 00 00 64 03 01 0200 06 00 02 00 19 00 19 00 0c 00 00 00 00 00 00 00 00 00 0000 00
show subscribers detail (ACI Interface Set Session)
user@host> show subscribers detail
691Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Type: VLANLogical System: defaultRouting Instance: defaultInterface: ge-1/0/0Interface Set: aci-1001-ge-1/0/0.2800Interface Set Session ID: 0Underlying Interface: ge-1/0/0.2800Dynamic Profile Name: aci-vlan-set-profile-2Dynamic Profile Version: 1State: ActiveSession ID: 1Agent Circuit ID: aci-ppp-dhcp-20Login Time: 2012-05-26 01:54:08 PDT
show subscribers detail (PPPoE Subscriber Session with ACI Interface Set)
user@host> show subscribers detailType: PPPoEUser Name: ppphint2IP Address: 203.0.113.15Logical System: defaultRouting Instance: defaultInterface: pp0.1073741825Interface type: DynamicInterface Set: aci-1001-demux0.1073741824Interface Set Type: DynamicInterface Set Session ID: 2Underlying Interface: demux0.1073741824Dynamic Profile Name: aci-vlan-pppoe-profileDynamic Profile Version: 1MAC Address: 00:00:5e:00:53:02State: ActiveRadius Accounting ID: 3Session ID: 3Agent Circuit ID: aci-ppp-dhcp-dvlan-50Login Time: 2012-03-07 13:46:53 PST
show subscribers extensive
user@host> show subscribers extensiveType: DHCPUser Name: pd-user1IPv6 Prefix: 2001:db8:ffff:1::/32Logical System: defaultRouting Instance: defaultInterface: ge-3/1/3.2Interface type: StaticMAC Address: 00:00:5e:00:53:03State: ActiveRadius Accounting ID: 1Session ID: 1Login Time: 2011-08-25 12:12:26 PDTDHCP Options: len 4200 08 00 02 00 00 00 01 00 0a 00 03 00 01 00 51 ff ff 00 0300 06 00 02 00 19 00 19 00 0c 00 00 00 00 00 00 00 00 00 0000 00IPv6 Address Pool: pd_poolIPv6 Network Prefix Length: 48
Copyright © 2018, Juniper Networks, Inc.692
Broadband Subscriber ManagementWholesale Feature Guide
show subscribers extensive (Passive Optical Network Circuit Interface Set)
user@host> show subscribers client-type dhcp extensiveType: DHCPIP Address: 192.0.2.136IP Netmask: 255.255.0.0Logical System: defaultRouting Instance: defaultInterface: demux0.1073741842Interface type: DynamicInterface Set: otl01.xyz101-202Underlying Interface: demux0.1073741841Dynamic Profile Name: dhcp-profileMAC Address: 00:10:94:00:00:02State: ActiveRadius Accounting ID: jnpr :19Session ID: 19VLAN Id: 1100Agent Remote ID: ABCD01234|100M|AAAA01234|otl01.xyz101-202
Login Time: 2017-03-29 10:30:46 PDTDHCP Options: len 9735 01 01 39 02 02 40 3d 07 01 00 10 94 00 00 02 33 04 00 0017 70 0c 15 63 6c 69 65 6e 74 5f 50 6f 72 74 20 2f 2f 32 2f32 2d 31 2d 31 37 05 01 06 0f 21 2c 52 2b 02 29 41 42 43 4430 31 32 33 34 7c 31 30 30 4d 7c 41 41 41 41 30 31 32 33 347c 6f 74 6c 30 31 2e 78 79 7a 31 30 31 2d 32 30 32IP Address Pool: POOL-V4
show subscribers extensive (DNS Addresses fromAccess Profile or Global Configuration)
user@host> show subscribers extensiveType: DHCPUser Name: test-user@example-comIP Address: 192.0.2.119IP Netmask: 255.255.255.255Domain name server inet: 198.51.100.1 198.51.100.2IPv6 Address: 2001:db8::1:11Domain name server inet6: 2001:db8:5001::12 2001:db8:3001::12Logical System: defaultRouting Instance: defaultInterface: ge-2/0/3.0Interface type: StaticUnderlying Interface: ge-2/0/3.0MAC Address: 00:00:5E:00:53:00State: ActiveRadius Accounting ID: 5Session ID: 5Login Time: 2017-01-31 11:16:21 ISTDHCP Options: len 5335 01 01 39 02 02 40 3d 07 01 00 10 94 00 00 03 33 04 00 0000 3c 0c 16 63 6c 69 65 6e 74 5f 50 6f 72 74 20 2f 2f 35 2f31 32 2d 30 2d 30 37 05 01 06 0f 21 2cIP Address Pool: v4-pool
show subscribers extensive (DNS Addresses fromRADIUS)
user@host> show subscribers extensiveType: DHCPUser Name: test-user@example-com
693Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
IP Address: 192.0.2.119IP Netmask: 255.255.255.255Primary DNS Address: 198.51.100.1Secondary DNS Address: 198.51.100.2IPv6 Address: 2001:db8::1:11IPv6 Primary DNS Address: 2001:db8:5001::12IPv6 Secondary DNS Address: 2001:db8:3001::12Logical System: defaultRouting Instance: defaultInterface: ge-2/0/3.0Interface type: StaticUnderlying Interface: ge-2/0/3.0MAC Address: 00:00:5E:00:53:00State: ActiveRadius Accounting ID: 5Session ID: 5Login Time: 2017-01-31 11:16:21 ISTDHCP Options: len 5335 01 01 39 02 02 40 3d 07 01 00 10 94 00 00 03 33 04 00 0000 3c 0c 16 63 6c 69 65 6e 74 5f 50 6f 72 74 20 2f 2f 35 2f31 32 2d 30 2d 30 37 05 01 06 0f 21 2cIP Address Pool: v4-pool
showsubscribersextensive(IPv4DNSAddressesfromRADIUS, IPv6fromAccessProfileorGlobalConfiguration)
user@host> show subscribers extensiveType: DHCPUser Name: test-user@example-comIP Address: 192.0.2.119IP Netmask: 255.255.255.255Primary DNS Address: 198.51.100.1Secondary DNS Address: 198.51.100.2IPv6 Address: 2001:db8::1:11Domain name server inet6: 2001:db8:5001::12 2001:db8:3001::12Logical System: defaultRouting Instance: defaultInterface: ge-2/0/3.0Interface type: StaticUnderlying Interface: ge-2/0/3.0MAC Address: 00:00:5E:00:53:00State: ActiveRadius Accounting ID: 5Session ID: 5Login Time: 2017-01-31 11:16:21 ISTDHCP Options: len 5335 01 01 39 02 02 40 3d 07 01 00 10 94 00 00 03 33 04 00 0000 3c 0c 16 63 6c 69 65 6e 74 5f 50 6f 72 74 20 2f 2f 35 2f31 32 2d 30 2d 30 37 05 01 06 0f 21 2cIP Address Pool: v4-pool
show subscribers extensive (RPF Check Fail Filter)
user@host> show subscribers extensive...Type: VLAN Logical System: default Routing Instance: default Interface: ae0.1073741824 Interface type: Dynamic Dynamic Profile Name: vlan-prof
Copyright © 2018, Juniper Networks, Inc.694
Broadband Subscriber ManagementWholesale Feature Guide
State: Active Session ID: 9 VLAN Id: 100 Login Time: 2011-08-26 08:17:00 PDT IPv4 rpf-check Fail Filter Name: rpf-allow-dhcp IPv6 rpf-check Fail Filter Name: rpf-allow-dhcpv6...
show subscribers extensive (L2TP LNS Subscribers onMX Series Routers)
user@host> show subscribers extensiveType: L2TPUser Name: [email protected] Address: 203.0.113.58IP Netmask: 255.255.0.0Logical System: defaultRouting Instance: defaultInterface: si-5/2/0.1073749824Interface type: DynamicDynamic Profile Name: dyn-lns-profile2Dynamic Profile Version: 1State: ActiveRadius Accounting ID: 8001Session ID: 8001Login Time: 2011-04-25 20:27:50 ISTIPv4 Input Filter Name: classify-si-5/2/0.1073749824-inIPv4 Output Filter Name: classify-si-5/2/0.1073749824-out
show subscribers extensive (IPv4 and IPv6 Dual Stack)
user@host> show subscribers extensiveType: VLANLogical System: defaultRouting Instance: defaultInterface: demux0.1073741824Interface type: DynamicDynamic Profile Name: svlanProfileState: ActiveSession ID: 1Stacked VLAN Id: 0x8100.1001VLAN Id: 0x8100.1Login Time: 2011-11-30 00:18:04 PST
Type: PPPoEUser Name: [email protected] Address: 203.0.113.13IPv6 Prefix: 2001:db8:1::/32IPv6 User Prefix: 2001:db8:1:1::/32Logical System: defaultRouting Instance: ASP-1Interface: pp0.1073741825Interface type: DynamicDynamic Profile Name: dualStack-Profile1MAC Address: 00:00:5e:00:53:02State: ActiveRadius Accounting ID: 2Session ID: 2Login Time: 2011-11-30 00:18:05 PSTIPv6 Delegated Network Prefix Length: 48IPv6 Interface Address: 2001:db8:2016:1:1::1/64
695Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
IPv6 Framed Interface Id: 1:1:2:2IPv4 Input Filter Name: FILTER-IN-pp0.1073741825-inIPv4 Output Filter Name: FILTER-OUT-pp0.1073741825-outIPv6 Input Filter Name: FILTER-IN6-pp0.1073741825-inIPv6 Output Filter Name: FILTER-OUT6-pp0.1073741825-out
Type: DHCPIPv6 Prefix: 2001:db8:1::/32Logical System: defaultRouting Instance: ASP-1Interface: pp0.1073741825Interface type: StaticMAC Address: 00:00:5e:00:53:02State: ActiveRadius Accounting ID: test :3Session ID: 3Underlying Session ID: 2Login Time: 2011-11-30 00:18:35 PSTDHCP Options: len 4200 08 00 02 0b b8 00 01 00 0a 00 03 00 01 00 00 64 03 01 0200 06 00 02 00 19 00 19 00 0c 00 00 00 00 00 00 00 00 00 0000 00IPv6 Delegated Network Prefix Length: 48
show subscribers extensive (ADF Rules )
user@host> show subscribers extensive... Service Session ID: 12 Service Session Name: SERVICE-PROFILE State: Active Family: inet ADF IPv4 Input Filter Name: __junos_adf_12-demux0.3221225474-inet-in Rule 0: 010101000b0101020b020200201811 from { source-address 203.0.113.232; destination-address 198.51.100.0/24; protocol 17; } then { accept; }
show subscribers extensive (Effective Shaping-Rate)
user@host> show subscribers extensiveType: VLANLogical System: defaultRouting Instance: defaultInterface: demux0.1073741837Interface type: DynamicInterface Set: ifset-1Underlying Interface: ae1Dynamic Profile Name: svlan-dhcp-testState: ActiveSession ID: 1Stacked VLAN Id: 0x8100.201VLAN Id: 0x8100.201Login Time: 2011-11-30 00:18:04 PST
Copyright © 2018, Juniper Networks, Inc.696
Broadband Subscriber ManagementWholesale Feature Guide
Effective shaping-rate: 31000000k...
show subscribers extensive (PPPoE Subscriber Access Line Rates
user@host> show subscribers extensiveType: PPPoE IP Address: 192.85.128.1 IP Netmask: 255.255.255.255 Logical System: default Routing Instance: default Interface: pp0.3221225475 Interface type: Dynamic Underlying Interface: demux0.3221225474 Dynamic Profile Name: pppoe-client-profile-with-cos MAC Address: 00:00:6c:07:01:02 State: Active Radius Accounting ID: 4 Session ID: 4 PFE Flow ID: 14 Stacked VLAN Id: 40 VLAN Id: 1 Agent Circuit ID: circuit0 Agent Remote ID: remote0 Login Time: 2017-04-06 15:52:32 PDT
User Name: DAVE-L2BSA-SERVICE Logical System: default Routing Instance: isp-1-subscriber Interface: ge-1/2/4.3221225472 Interface type: Dynamic Interface Set: ge-1/2/4 Underlying Interface: ge-1/2/4 Core IFL Name: ge-1/3/4.0 Dynamic Profile Name: L2BSA-88a8-400LL1300VO State: ActiveRadius Accounting ID: 1 Session ID: 1 PFE Flow ID: 14 VLAN Id: 13 VLAN Map Id: 102 Inner VLAN Map Id: 1 Agent Circuit ID: circuit-aci-3 Agent Remote ID: remote49-3 Login Time: 2017-04-05 16:59:29 EDT Service Sessions: 4 IFL Input Filter Name: L2BSA-CP-400LL1300VO-ge-1/2/4.3221225472-in IFL Output Filter Name: L2BSA-CP-400LL1300VO-ge-1/2/4.3221225472-out Accounting interval: 900 DSL type: VDSL Frame/Cell Mode: Frame Overhead accounting bytes: -10 Actual upstream data rate: 1024 kbps Actual downstream data rate: 4096 kbps Adjusted downstream data rate: 3686 kbps Adjusted upstream data rate: 922 kbps Dynamic configuration: junos-vlan-map-id: 102 Service Session ID: 5 Service Session Name: SRL-L1 State: Active
697Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Family: inet, inet6 IFL Input Filter Name: L2BSA-FWF-in-10048-ge-1/2/4.3221225472-in IFL Output Filter Name: L2BSA-FWF-out-25088-ge-1/2/4.3221225472-out Service Activation time: 2017-04-05 16:59:30 EDT Dynamic configuration: l2bsa-fwf-in: L2BSA-FWF-in-10048 l2bsa-fwf-out: L2BSA-FWF-out-25088 rldown: 25088 rlup: 10048
show subscribers extensive (Subscriber Session Using PCEF Profile)
user@host> show subscribers extensiveType: VLANLogical System: defaultRouting Instance: defaultInterface: demux0.3221225517Interface type: DynamicUnderlying Interface: ge-1/0/3Dynamic Profile Name: svlan-dhcpState: ActiveSession ID: 59PFE Flow ID: 71Stacked VLAN Id: 0x8100.1VLAN Id: 0x8100.2Login Time: 2017-03-28 08:23:08 PDT
Type: DHCPUser Name: pcefuserIP Address: 5.0.0.26IP Netmask: 255.0.0.0Logical System: defaultRouting Instance: defaultInterface: demux0.3221225518Interface type: DynamicUnderlying Interface: demux0.3221225517Dynamic Profile Name: dhcp-client-profMAC Address: 00:11:01:00:00:01State: ActiveRadius Accounting ID: 60Session ID: 60PFE Flow ID: 73Stacked VLAN Id: 1VLAN Id: 2Login Time: 2017-03-28 08:23:08 PDTService Sessions: 1DHCP Options: len 935 01 01 37 04 01 03 3a 3bIP Address Pool: pool-ipv4IPv4 Input Service Set: tdf-service-setIPv4 Output Service Set: tdf-service-setPCEF Profile: pcef-prof-1PCEF Rule/Rulebase: defaultDynamic configuration: junos-input-service-filter: svc-filt-1 junos-input-service-set: tdf-service-set junos-output-service-filter: svc-filt-1 junos-output-service-set: tdf-service-set junos-pcef-profile: pcef-prof-1 junos-pcef-rule: default
Copyright © 2018, Juniper Networks, Inc.698
Broadband Subscriber ManagementWholesale Feature Guide
Service Session ID: 61 Service Session Name: pcef-serv-prof State: Active Family: inet IPv4 Input Service Set: tdf-service-set IPv4 Output Service Set: tdf-service-set PCEF Profile: pcef-prof-1 PCEF Rule/Rulebase: limit-fb Service Activation time: 2017-03-28 08:31:19 PDT Dynamic configuration: pcef-prof: pcef-prof-1 pcef-rule1: limit-fb svc-filt: svc-filt-1 svc-set: tdf-service-set
show subscribers aci-interface-set-name detail (Subscriber Sessions Using Specified ACI Interface Set)
user@host> show subscribers aci-interface-set-name aci-1003-ge-1/0/0.4001 detailType: VLANLogical System: defaultRouting Instance: defaultInterface: ge-1/0/0.Underlying Interface: ge-1/0/0.4001Dynamic Profile Name: aci-vlan-set-profileDynamic Profile Version: 1State: ActiveSession ID: 13Agent Circuit ID: aci-ppp-vlan-10Login Time: 2012-03-12 10:41:56 PDT
Type: PPPoEUser Name: ppphint2IP Address: 203.0.113.17Logical System: defaultRouting Instance: defaultInterface: pp0.1073741834Interface type: DynamicInterface Set: aci-1003-ge-1/0/0.4001Interface Set Type: DynamicInterface Set Session ID: 13Underlying Interface: ge-1/0/0.4001Dynamic Profile Name: aci-vlan-pppoe-profileDynamic Profile Version: 1MAC Address: State: ActiveRadius Accounting ID: 14Session ID: 14Agent Circuit ID: aci-ppp-vlan-10Login Time: 2012-03-12 10:41:57 PDT
show subscribers agent-circuit-identifier detail (Subscriber Sessions Using Specified ACI Substring)
user@host> show subscribers agent-circuit-identifier aci-ppp-vlan detailType: VLAN Logical System: defaultRouting Instance: defaultInterface: ge-1/0/0.Underlying Interface: ge-1/0/0.4001Dynamic Profile Name: aci-vlan-set-profileDynamic Profile Version: 1
699Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
State: ActiveSession ID: 13Agent Circuit ID: aci-ppp-vlan-10Login Time: 2012-03-12 10:41:56 PDT
Type: PPPoEUser Name: ppphint2IP Address: 203.0.113.17Logical System: defaultRouting Instance: defaultInterface: pp0.1073741834Interface type: DynamicInterface Set: aci-1003-ge-1/0/0.4001Interface Set Type: DynamicInterface Set Session ID: 13Underlying Interface: ge-1/0/0.4001Dynamic Profile Name: aci-vlan-pppoe-profileDynamic Profile Version: 1MAC Address: 00:00:5e:00:53:52State: ActiveRadius Accounting ID: 14Session ID: 14Agent Circuit ID: aci-ppp-vlan-10Login Time: 2012-03-12 10:41:57 PDT
show subscribers id accounting-statistics
user@host> show subscribers id 601 accounting-statisticsSession ID: 601Accounting Statistics:Input bytes : 199994Output bytes : 121034Input packets: 5263Output packets: 5263IPv6:Input bytes : 0Output bytes : 0Input packets: 0Output packets: 0
show subscribers interface accounting-statistics
user@host> show subscribers interface pp0.3221226949 accounting-statisticsSession ID: 501Accounting Statistics:Input bytes : 199994Output bytes : 121034Input packets: 5263Output packets: 5263IPv6:Input bytes : 0Output bytes : 0Input packets: 0Output packets: 0
Session ID: 502Accounting Statistics:Input bytes : 87654Output bytes : 72108Input packets: 3322
Copyright © 2018, Juniper Networks, Inc.700
Broadband Subscriber ManagementWholesale Feature Guide
Output packets: 3322IPv6:Input bytes : 0Output bytes : 0Input packets: 0Output packets: 0
Session ID: 503Accounting Statistics:Input bytes : 156528Output bytes : 123865Input packets: 7448Output packets: 7448IPv6:Input bytes : 0Output bytes : 0Input packets: 0Output packets: 0
show subscribers interface extensive
user@host> show subscribers interface demux0.1073741826 extensiveType: VLANUser Name: [email protected] System: defaultRouting Instance: testnetInterface: demux0.1073741826Interface type: DynamicDynamic Profile Name: profile-vdemux-relay-23qosMAC Address: 00:00:5e:00:53:04State: ActiveRadius Accounting ID: 12Session ID: 12Stacked VLAN Id: 0x8100.1500VLAN Id: 0x8100.2902Login Time: 2011-10-20 16:21:59 EST
Type: DHCPUser Name: [email protected] Address: 192.0.2.0IP Netmask: 255.255.255.0Logical System: defaultRouting Instance: testnetInterface: demux0.1073741826Interface type: StaticMAC Address: 00:00:5e:00:53:04State: ActiveRadius Accounting ID: 21Session ID: 21Login Time: 2011-10-20 16:24:33 ESTService Sessions: 2
Service Session ID: 25Service Session Name: SUB-QOSState: Active
Service Session ID: 26Service Session Name: service-cb-contentState: ActiveIPv4 Input Filter Name: content-cb-in-demux0.1073741826-inIPv4 Output Filter Name: content-cb-out-demux0.1073741826-out
701Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show subscribers logical-system terse
user@host> show subscribers logical-system test1 terseInterface IP Address/VLAN ID User Name LS:RIdemux0.1073741825 203.0.113.3 RETAILER1-CLIENT test1:retailer1demux0.1073741826 203.0.113.4 RETAILER2-CLIENT test1:retailer2
show subscribers physical-interface count
user@host> show subscribers physical-interface ge-1/0/0 countTotal subscribers: 3998, Active Subscribers: 3998
show subscribers routing-instance inst1 count
user@host> show subscribers routing-instance inst1 countTotal Subscribers: 188, Active Subscribers: 183
show subscribers stacked-vlan-id detail
user@host> show subscribers stacked-vlan-id 101 detailType: VLANInterface: ge-1/2/0.1073741824Interface type: DynamicDynamic Profile Name: svlan-profState: ActiveStacked VLAN Id: 0x8100.101VLAN Id: 0x8100.100Login Time: 2009-03-27 11:57:19 PDT
show subscribers stacked-vlan-id vlan-id detail (Combined Output)
user@host> show subscribers stacked-vlan-id 101 vlan-id 100 detailType: VLANInterface: ge-1/2/0.1073741824Interface type: DynamicDynamic Profile Name: svlan-profState: ActiveStacked VLAN Id: 0x8100.101VLAN Id: 0x8100.100Login Time: 2009-03-27 11:57:19 PDT
show subscribers stacked-vlan-id vlan-id interface detail (Combined Output for a Specific Interface)
user@host> show subscribers stacked-vlan-id 101 vlan-id 100 interface ge-1/2/0.* detailType: VLANInterface: ge-1/2/0.1073741824Interface type: DynamicDynamic Profile Name: svlan-profState: ActiveStacked VLAN Id: 0x8100.101VLAN Id: 0x8100.100Login Time: 2009-03-27 11:57:19 PDT
show subscribers user-name detail
user@host> show subscribers user-name larry1 detailType: DHCPUser Name: larry1
Copyright © 2018, Juniper Networks, Inc.702
Broadband Subscriber ManagementWholesale Feature Guide
IP Address: 203.0.113.37IP Netmask: 255.255.0.0Logical System: defaultRouting Instance: defaultInterface: ge-1/0/0.1Interface type: StaticDynamic Profile Name: fooMAC Address: 00:00:5e:00:53:01State: ActiveRadius Accounting ID: 1Session ID: 1Login Time: 2011-11-07 08:25:59 PSTDHCP Options: len 5235 01 01 39 02 02 40 3d 07 01 00 10 94 00 00 01 33 04 00 0000 3c 0c 15 63 6c 69 65 6e 74 5f 50 6f 72 74 20 2f 2f 32 2f37 2d 30 2d 30 37 05 01 06 0f 21 2c
show subscribers vlan-id
user@host> show subscribers vlan-id 100Interface IP Address User Namege-1/0/0.1073741824ge-1/2/0.1073741825
show subscribers vlan-id detail
user@host> show subscribers vlan-id 100 detailType: VLANInterface: ge-1/0/0.1073741824Interface type: DynamicDynamic Profile Name: vlan-prof-tpidState: ActiveVLAN Id: 100Login Time: 2009-03-11 06:48:54 PDT
Type: VLANInterface: ge-1/2/0.1073741825Interface type: DynamicDynamic Profile Name: vlan-prof-tpidState: ActiveVLAN Id: 100Login Time: 2009-03-11 06:48:54 PDT
show subscribers vpi vci extensive (PPPoE-over-ATMSubscriber Session)
user@host> show subscribers vpi 40 vci 50 extensiveType: PPPoEUser Name: testuserIP Address: 203.0.113.2IP Netmask: 255.255.0.0Logical System: defaultRouting Instance: defaultInterface: pp0.0Interface type: StaticMAC Address: 00:00:5e:00:53:02State: ActiveRadius Accounting ID: 2Session ID: 2ATM VPI: 40ATM VCI: 50
703Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Login Time: 2012-12-03 07:49:26 PSTIP Address Pool: pool_1IPv6 Framed Interface Id: 200:65ff:fe23:102
show subscribers address detail (Enhanced Subscriber Management)
user@host> show subscribers address 203.0.113.111 detailType: DHCPUser Name: simple_filters_serviceIP Address: 203.0.113.111IP Netmask: 255.0.0.0Logical System: defaultRouting Instance: defaultInterface: demux0.3221225482 Interface type: DynamicUnderlying Interface: demux0.3221225472Dynamic Profile Name: dhcp-demux-profMAC Address: 00:00:5e:00:53:0fState: ActiveRadius Accounting ID: 11Session ID: 11PFE Flow ID: 15Stacked VLAN Id: 210VLAN Id: 209Login Time: 2014-03-24 12:53:48 PDTService Sessions: 1DHCP Options: len 335 01 01
Copyright © 2018, Juniper Networks, Inc.704
Broadband Subscriber ManagementWholesale Feature Guide
show subscribers summary
Syntax show subscribers summary<all><detail | extensive | terse><count><physical-interface physical-interface-name><logical-system logical-system pic | port | routing-instance routing-instance | slot>
Release Information Command introduced in Junos OS Release 10.2.
Description Display summary information for subscribers.
Options none—Display summary information by state and client type for all subscribers.
all—(Optional) Display summary information by state, client type, and LS:RI.
detail | extensive | terse—(Not supported on MX Series routers) (Optional) Display thespecified level of output.
count—(Not supported on MX Series routers) (Optional) Display the count of totalsubscribers and active subscribers for any specified option.
logical-system logical-system—(Optional) Display subscribers whose logical systemmatches the specified logical system.
physical-interface physical-interface-name—(M120, M320, andMXSeries routers only)(Optional) Display a count of subscribers whose physical interface matches the
specified physical interface, by subscriber state, client type, and LS:RI.
pic—(M120,M320, andMXSeries routers only) (Optional) Display a count of subscribersby PIC number and the total number of subscribers.
port—(M120,M320, andMXSeries routersonly) (Optional)Displayacountof subscribersby port number and the total number of subscribers.
routing-instance routing-instance—(Optional)Displaysubscriberswhose routing instancematches the specified routing instance.
slot—(M120,M320,andMXSeries routersonly) (Optional)Displayacountof subscribersby FPC slot number and the total number of subscribers.
NOTE: Due todisplay limitations, logical systemand routing instanceoutputvalues are truncated when necessary.
Required PrivilegeLevel
view
705Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
RelatedDocumentation
show subscribers on page 675•
List of Sample Output show subscribers summary on page 707show subscribers summary all on page 708show subscribers summary physical-interface on page 708show subscribers summary physical-interface pic on page 708show subscribers summary physical-interface port on page 709show subscribers summary physical-interface slot on page 709show subscribers summary pic on page 709show subscribers summary pic (Aggregated Ethernet Interfaces) on page 709show subscribers summary port on page 709show subscribers summary port (Pseudowire Interfaces) on page 710show subscribers summary port extensive on page 710show subscribers summary slot on page 710show subscribers summary terse on page 710
Output Fields Table40onpage 706 lists theoutput fields for the showsubscriberssummary command.
Output fields are listed in the approximate order in which they appear.
Table 40: show subscribers summary Output Fields
Level of OutputField DescriptionField Name
detail noneNumber of subscribers summarized by state. The summary informationincludes the following:
• Init—Number of subscriber currently in the initialization state.
• Configured—Number of configured subscribers.
• Active—Number of active subscribers.
• Terminating—Number of subscribers currently terminating.
• Terminated—Number of terminated subscribers.
• Total—Total number of subscribers for all states.
Subscribers by State
detail extensive noneNumber of subscribers summarized by client type. Client types can includeDHCP, GRE, L2TP, PPP, PPPOE, STATIC-INTERFACE, VLAN, andVLAN-OOB. Also displays the total number of subscribers for all clienttypes (Total).
Subscribers by ClientType
detail noneNumber of subscribers summarized by logical system:routing instance(LS:RI) combination. Also displays the total number of subscribers for allLS:RI combinations (Total).
Subscribers by LS:RI
extensiveNumber of subscribers summarized by connection type, Cross-connectedor Terminated.
Subscribers byConnection Type
Copyright © 2018, Juniper Networks, Inc.706
Broadband Subscriber ManagementWholesale Feature Guide
Table 40: show subscribers summary Output Fields (continued)
Level of OutputField DescriptionField Name
All levelsInterface associated with the subscriber. The router or switch displayssubscriberswhose interfacematchesorbeginswith thespecified interface.
The*character indicatesacontinuationof addresses for the samesession.
For aggregated Ethernet interfaces, the output of the summary (pic | port |slot) options prefixes the interface namewith ae0:.
For pseudowire IFDs, this field displays both the pseudowire and theassociated logical tunnel (LT) and redundant logical tunnel (RLT) anchorinterface. For example:
ps0: lt-2/1/0ps1: rlt0: lt-4/0/0
Interface
detail extensive noneCountof subscribersdisplayed for eachPIC, port, or slotwhen thoseoptionsare specified with the summary option. For an aggregated Ethernetconfiguration, the total subscriber count does not equal the sum of theindividual PIC, port, or slot counts, because each subscriber can be inmorethan one aggregated Ethernet link.
Multiplepseudowire interfacescanshareagiven logical tunnelor redundantlogical tunnel anchor interface. Starting in Junos OS Release 18.1R1, thefield displays subscribers per individual pseudowire interface.
In earlier releases, the field displays the same number of subscribers for allpseudowire interfaces that share the same tunnel interface as their anchorpoint.
Count
detail extensive noneTotal number of subscribers for all physical interfaces, all PICs, all ports,or all LS:RI slots.
Total Subscribers
terseSubscriber IPaddressorVLAN IDassociatedwith thesubscriber in the formtpid.vlan-id
IP Address/VLAN ID
terseName of subscriber.User Name
terseLogical system and routing instance associated with the subscriber.LS:RI
Sample Output
show subscribers summary
user@host> show subscribers summary
Subscribers by State Init 3 Configured 2 Active 183 Terminating 2 Terminated 1
TOTAL 191
707Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Subscribers by Client Type DHCP 107 PPP 76 VLAN 8 VLAN-OOB 2 TOTAL 193
show subscribers summary all
user@host> show subscribers summary allSubscribers by State Init 3 Configured 2 Active 183 Terminating 2 Terminated 1
TOTAL 191
Subscribers by Client Type DHCP 107 PPP 76 VLAN 8
TOTAL 191
Subscribers by LS:RI default:default 1 default:ri1 28 default:ri2 16 ls1:default 22 ls1:riA 38 ls1:riB 44 logsysX:routinstY 42
TOTAL 191
show subscribers summary physical-interface
user@host> show subscribers summary physical-interface ge-1/0/0Subscribers by State Active: 3998 Total: 3998
Subscribers by Client Type DHCP: 3998 Total: 3998
Subscribers by LS:RI default:default: 3998 Total: 3998
show subscribers summary physical-interface pic
user@host> show subscribers summary physical-interface ge-0/2/0 picSubscribers by State Active: 4825 Total: 4825
Copyright © 2018, Juniper Networks, Inc.708
Broadband Subscriber ManagementWholesale Feature Guide
Subscribers by Client Type DHCP: 4825 Total: 4825
Subscribers by LS:RI default:default: 4825 Total: 4825
show subscribers summary physical-interface port
user@host> show subscribers summary physical-interface ge-0/3/0 portSubscribers by State Active: 4825 Total: 4825
Subscribers by Client Type DHCP: 4825 Total: 4825
Subscribers by LS:RI default:default: 4825 Total: 4825
show subscribers summary physical-interface slot
user@host> show subscribers summary physical-interface ge-2/0/0 slotSubscribers by State Active: 4825 Total: 4825
Subscribers by Client Type DHCP: 4825 Total: 4825
Subscribers by LS:RI default:default: 4825 Total: 4825
show subscribers summary pic
user@host> show subscribers summary picInterface Countge-1/0 1000ge-1/3 1000
Total Subscribers: 2000
show subscribers summary pic (Aggregated Ethernet Interfaces)
user@host> show subscribers summary picInterface Countae0: ge-1/0 801ae0: ge-1/3 801
Total Subscribers: 801
show subscribers summary port
user@host> show subscribers summary port
709Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Interface Countge-5/0/1 201ge-5/0/2 301
Total Subscribers: 502
show subscribers summary port (Pseudowire Interfaces)
user@host> show subscribers summary portps0: lt-2/1/0 10ps1: lt-2/1/0 20
Total Subscribers: 30
show subscribers summary port extensive
user@host>show subscribers summary port extensiveInterface: ge-5/0/1Count: 201Detail:Subscribers by Client Type DHCP: 100 PPPoE: 100 VLAN-OOB: 1Subscribers by Connection Type Terminated: 200 Cross-connected: 1
Interface: ge-5/0/2Count: 301Detail:Subscribers by Client Type DHCP: 200 PPPoE: 100 VLAN-OOB: 1Subscribers by Connection Type Terminated: 300 Cross-connected: 1
Total Subscribers: 502
show subscribers summary slot
user@host> show subscribers summary slotInterface Countge-1 2000
Total Subscribers: 2000
show subscribers summary terse
user@host> show subscribers summary terseInterface IP Address/VLAN ID User Name LS:RIge-1/3/0.1073741824 100 default:defaultdemux0.1073741824 203.0.113.10 WHOLESALER-CLIENT default:defaultdemux0.1073741825 203.0.113.13 RETAILER1-CLIENT test1:retailer1demux0.1073741826 203.0.113.213 RETAILER2-CLIENT test1:retailer2
Copyright © 2018, Juniper Networks, Inc.710
Broadband Subscriber ManagementWholesale Feature Guide
show vpls connections
Syntax show vpls connections<brief | extensive><down | up | up-down><history><instance instance-name local-site local-site-name remote-site remote-site-name><instance-history><logical-system (all | logical-system-name)><status><summary>
Release Information Command introduced before Junos OS Release 7.4.
instance-history option introduced in Junos OS Release 12.3R2.
Description (T Series and M Series routers, except for the M160 router) Display virtual private LAN
service (VPLS) connection information.
Options none—Display information about all VPLS connections for all routing instances.
brief | extensive—(Optional) Display the specified level of output.
down | up | up-down—(Optional) Display nonoperational, operational, or both types ofconnections.
history—(Optional) Display information about connection history.
instance instance-name—(Optional) Display the VPLS connections for the specifiedrouting instance only.
instance-history—(Optional)Display informationaboutconnectionhistory foraparticularinstance.
local-site local-site-name—(Optional) Display the VPLS connections for the specifiedlocal site name or ID only.
remote-site remote-site-name—(Optional)Display theVPLSconnections for thespecifiedremote site name or ID only. Label block size information is always shown as 0when
using this option.
logical-system (all | logical-system-name)—(Optional) Perform this operation on all
logical systems or on a particular logical system.
status—(Optional) Display information about the connection and interface status.
summary—(Optional) Display summary of all VPLS connections information.
Required PrivilegeLevel
view
711Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
List of Sample Output show vpls connections on page 716show vpls connections (with FEC128 and FEC129 in the samerouting-instance) on page 718show vpls connections (withmultiple pseudowires) on page 719show vpls connections extensive (Static VPLS Neighbors) on page 720
Output Fields Table41onpage712 lists theoutput fields for the showvplsconnectionscommand.Output
fields are listed in the approximate order in which they appear.
Table 41: show vpls connections Output Fields
Field DescriptionField Name
Name of the VPLS instance.Instance
Name of the local site.Local site
Identifier for the VPLS site.VPLS-id
Number of interfaces configured for the local site.Number of localinterfaces
Number of interfaces configured for the local site that are currently up.Number of localinterfaces up
Indicates whether or not an integrated routing and bridging (IRB) interface ispresent (yes or no).
IRB interfacepresent
List of all of the interfaces configured for the local site. The types of interfacescan include VPLS virtual loopback tunnel interfaces and label-switchedinterfaces. Any interface that supports VPLS could be listed here.
Virtual loopback tunnel interfaces are displayed using the vt-fpc/pic/port.nnnnnformat. Label-switched interfaces are displayed using the lsi.nnnnn format. Inboth cases, nnnnn is a dynamically generated virtual port used to transport andreceive packets from other provider edge (PE) routers in the VPLS domain.
Each interface might include the following information:
• Identification as a VPLS interface
• Name of the associated VPLS routing instance
• Local site number
• Remote site number
• VPLS neighbor address
• VPLS identifier
Intf
Flag associated with the interface. Can include the following:
• VC-Down—The virtual circuit associated with this interface is down.
Interface flags
First label in a block of labels. A remote PE router uses this first label whensending traffic toward the advertising PE router.
Label-base
Copyright © 2018, Juniper Networks, Inc.712
Broadband Subscriber ManagementWholesale Feature Guide
Table 41: show vpls connections Output Fields (continued)
Field DescriptionField Name
Displays theVPLSEdge (VE) block offset in the Layer 2VPNNLRI. TheVEblockoffset is used to identify a label block fromwhich a particular label value isselected to setup a pseduowire for a remote site. The block offset value itselfindicates the starting VE ID that maps to the label base contained in the VPLSNLRI advertisement.
Offset
Label block size. A configurable value that represents thenumberof label blocksrequired to cover all the pseudowires for the remote peer. Acceptableconfiguration values are: 2, 4, 8 and 16. The default value is 2. A value of 0willbe displayed when using the remote-site option.
Size
Label block range. A value that keeps track of the numbers of remote sitesdiscovered within each label block.
Range
Preference value advertised for a VPLS site. Whenmultiple PE routers areassigned the same VE ID for multihoming, youmight need to specify that aparticular PE router acts as the designated forwarder by configuring the sitepreference value. The site preference indicates the degree of preference for aparticular customer site. The site preference is one of the tie-breaking criteriaused in a designated forwarder election.
Preference
Bit vector advertising the state of local PE-CE circuits to remote PE routers. Abit value of 0 indicates that the local circuit and LSP tunnel to the remote PErouter are up, whereas a value of 1 indicates either one or both are down.
status-vector
Name of the connection site.connection-site
IP address and VPLS identifier for the VPLS neighbor. If multiple pseudowireshavebeenconfigured, the IPaddresswill also show thePW-specific vpls-id-list,for example, 203.0.113.144 (vpls-id 200).
Neighbor
Type of connection: loc (local) or rmt (remote).Type
713Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 41: show vpls connections Output Fields (continued)
Field DescriptionField Name
Status of the VPLS connection (corresponds with Legend for ConnectionStatus):
• EI—The local VPLS interface is configured with an encapsulation that is notsupported.
• EM—The encapsulation type received on this VPLS connection from theneighbor does notmatch the local VPLS connection interface encapsulationtype.
• VC-Dn—The virtual circuit is currently down.
• CM—The two routers do not agree on a control word, which causes a controlword mismatch.
• CN—The virtual circuit is not provisioned properly.
• OR—The label associated with the virtual circuit is out of range.
• OL—No advertisement has been received for this virtual circuit from theneighbor. There is no outgoing label available for use by this virtual circuit.
• LD—All of the CE-facing interfaces to the local site are down. Therefore, theconnection to the local site is signaled as down to the other PE routers. Nopseudowires can be established.
• RD—All the interfaces to the remoteneighboraredown.Therefore, the remotesite has been signaled as down to the other PE routers. No pseudowires canbe established.
• LN—The local site has lost path selection to the remote site and thereforeno pseduowires can be established from this local site.
• RN—The remote site has lost path selection to a local site or other remotesite and therefore no pseudowires are established to this remote site.
In a multihoming configuration, onemultihomed PE site displays the stateLN, and the other multihomed PE site displays the state RN in the followingcircumstances:
• Themultihomed links are both configured to be the backup site.
• The twomultihomed PE routers have the same site ID, but have a peeringrelationship with a route reflector (RR) that has a different site ID.
• XX—The VPLS connection is down for an unn reason. This is a programmingerror.
• MM—The MTU for the local site and the remote site do not match.
• BK—The router is using a backup connection.
• PF—Profile parse failure.
• RS—The remote site is in a standby state.
• NC—The interface encapsulation is not configured as an appropriate CCC,TCC, or VPLS encapsulation.
• WE—The encapsulation configured for the interface does not match theencapsulation configured for the associated connection within the VPLSrouting instance.
St
Copyright © 2018, Juniper Networks, Inc.714
Broadband Subscriber ManagementWholesale Feature Guide
Table 41: show vpls connections Output Fields (continued)
Field DescriptionField Name
• NP—The router detects that interface hardware is not present. The hardwaremight be offline, a PICmight not be of the desired type, or the interfacemightbe configured in a different routing instance.
• -->—Only the outbound connection is up.
• <-—Only the inbound connection is up.
• Up—The VPLS connection is operational.
• Dn—The VPLS connection is down.
• CF—The router cannot find enough bandwidth to the remote router to satisfythe VPLS connection bandwidth requirement.
• SC—The local site identifiermatches the remote site identifier. Nopseudowirecan be established between these two sites. You should configure differentvalues for the local and remote site identifiers.
• LM—The local site identifier is not theminimumdesignated,meaning it is notthe lowest. There is another local sitewith a lower site identifier. Pseudowiresare not being established to this local site. and the associated local siteidentifier is not being used to distribute VPLS label blocks. However, this isnot anerror state. Traffic continues tobe forwarded to thePE router interfacesconnected to the local sites when the local sites are in this state.
• RM—The remote site identifier is not the minimum designated, meaning it isnot the lowest. There is another remote site connected to the samePE routerwhichhas lower site identifier. ThePE router cannot establishedapseudowireto this remote site and the associated remote site identifier cannot be usedto distribute VPLS label blocks. However, this is not an error state. Traffic cancontinue to be forwarded to the PE router interface connected to this remotesite when the remote site is in this state.
• IL—The incoming packets for the VPLS connection have no MPLS label.
• MI—The configuredmesh group identifier is in use by another system in thenetwork.
• ST—The router has switched to a standby connection.
• PB—Profile busy.
• SN—The VPLS neighbor is static.
Time connection was last in the Up condition.Time last up
Number of transitions from Down to Up condition.#Up trans
Status of the (local or remote circuit) local interface:
• Up—Operational
• Dn—Down
• NP—Not present
• DS—Disabled
• WE—Wrong encapsulation
• UN—Uninitialized
Status
Type of encapsulation: VPLS.Encapsulation
Address of the remote provider edge router.Remote PE
715Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 41: show vpls connections Output Fields (continued)
Field DescriptionField Name
Whether a control word has been negotiated: Yes or No.Negotiatedcontrol-word
Name of the incoming label.Incoming label
Name of the outgoing label.Outgoing label
Indicates whether or not the pseudowire status TLV has been negotiated forthe VPLS connection.
Negotiated PWstatus TLV
Provides the following information about the local interface configured for theVPLS neighbor:
• Name of the local interface
• Status—Interface status (Up or Down)
• Encapsulation—Interface encapsulation (for example, ETHERNET)
• Description—Includes the VPLS instance name, the VPLS neighbor address,and the VPLS identifier
Local interface
Date and time of VPLS connection event.Time
Type of event.Event
Interface, label, or PE router.Interface/Lbl/PE
Eachentrycan include thedate, time, year, and theconnectionevent.Connectionevents include any of a variety of events related to VPLS connections, such asroute changes, label updates, and interfaces going down or coming up.
Connection History
Sample Output
show vpls connections
user@host> show vpls connectionsLayer-2 VPN connections:
Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLSEM -- encapsulation mismatch WE -- interface and instance encaps not sameVC-Dn -- Virtual circuit down NP -- interface hardware not present CM -- control-word mismatch -< -- only outbound connection is upCN -- circuit not provisioned >- -- only inbound connection is upOR -- out of range Up -- operationalOL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure RD -- remote site signaled down SC -- local and remote site ID collisionLN -- local site not designated LM -- local site ID not minimum designatedRN -- remote site not designated RM -- remote site ID not minimum designatedXX -- unn connection status IL -- no incoming labelMM -- MTU mismatch MI -- Mesh-Group ID not availableBK -- Backup connection ST -- Standby connection
Copyright © 2018, Juniper Networks, Inc.716
Broadband Subscriber ManagementWholesale Feature Guide
PF -- Profile parse failure PB -- Profile busy
Legend for interface status Up -- operational Dn -- down
Instance: vpls-1 Local site: 1 (11) Number of local interfaces: 1 Number of local interfaces up: 1 IRB interface present: no lt-1/3/0.10496 vt-1/3/0.1048588 1 Intf - vpls vpls-1 local site 11 remote site 1
vt-1/2/0.1048591 2 Intf - vpls vpls-1 local site 11 remote site 2
vt-1/2/0.1048585 3 Intf - vpls vpls-1 local site 11 remote site 3
vt-1/2/0.1048587 4 Intf - vpls vpls-1 local site 11 remote site 4
vt-1/2/0.1048589 5 Intf - vpls vpls-1 local site 11 remote site 5
vt-1/3/0.1048586 6 Intf - vpls vpls-1 local site 11 remote site 6
vt-1/3/0.1048590 7 Intf - vpls vpls-1 local site 11 remote site 7
vt-1/3/0.1048584 8 Intf - vpls vpls-1 local site 11 remote site 8
Label-base Offset Size Range Preference 800256 1 16 16 100 Timer Values: Startup wait time: 120 seconds New site wait-time: 20 seconds Collision detect time: 30 seconds Reclaim wait time: 748 milliseconds connection-site Type St Time last up # Up trans 1 rmt Up Apr 28 13:28:24 2009 2 Remote PE: 192.0.2.1, Negotiated control-word: No Incoming label: 800256, Outgoing label: 800026 Local interface: vt-1/3/0.1048588, Status: Up, Encapsulation: VPLS Description: Intf - vpls vpls-1 local site 11 remote site 1 Connection History: Apr 28 13:28:24 2009 status update timer Apr 28 13:28:24 2009 PE route down Apr 28 13:24:27 2009 status update timer Apr 28 13:24:27 2009 loc intf up vt-1/3/0.1048588 Apr 28 13:24:27 2009 PE route changed Apr 28 13:24:27 2009 Out lbl Update 800026 Apr 28 13:24:27 2009 In lbl Update 800256 Apr 28 13:24:27 2009 loc intf down 2 rmt Up Apr 28 13:28:24 2009 2 Remote PE: 192.0.2.71, Negotiated control-word: No Incoming label: 800257, Outgoing label: 800034 Local interface: vt-1/2/0.1048591, Status: Up, Encapsulation: VPLS Description: Intf - vpls vpls-1 local site 11 remote site 2 Connection History: Apr 28 13:28:24 2009 status update timer Apr 28 13:28:24 2009 PE route down Apr 28 13:24:28 2009 status update timer Apr 28 13:24:28 2009 loc intf up vt-1/2/0.1048591 Apr 28 13:24:28 2009 PE route changed
717Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Apr 28 13:24:28 2009 Out lbl Update 800034 Apr 28 13:24:28 2009 In lbl Update 800257 Apr 28 13:24:28 2009 loc intf down
show vpls connections (with FEC128 and FEC129 in the same routing-instance)
user@host> show vpls connectionsInstance: fec129 L2vpn-id: 1:1 Local-id: 203.0.113.0FEC129-VPLS State: Mesh-group connections: __ves__ Remote-id Type St Time last up # Up trans 203.0.3.3 rmt Up Sep 19 09:59:56 2017 1 Remote PE: 203.0.3.3, Negotiated control-word: No Incoming label: 262155, Outgoing label: 262164 Negotiated PW status TLV: No Local interface: lsi.1048844, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls fec129 local-id 81.4.4.4 remote-id 203.0.3.3 neighbor 203.0.3.3 Flow Label Transmit: No, Flow Label Receive: No 203.0.2.2 rmt Up Sep 19 09:59:52 2017 1 Remote PE: 203.0.2.2, Negotiated control-word: No Incoming label: 262154, Outgoing label: 262157 Negotiated PW status TLV: No Local interface: lsi.1048846, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls fec129 local-id 81.4.4.4 remote-id 203.0.2.2 neighbor 203.0.2.2 Flow Label Transmit: No, Flow Label Receive: No 203.0.1.1 rmt Up Sep 19 09:59:48 2017 1 Remote PE: 203.0.1.1, Negotiated control-word: No Incoming label: 262156, Outgoing label: 262157 Negotiated PW status TLV: No Local interface: lsi.1048845, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls fec129 local-id 81.4.4.4 remote-id 203.0.1.1 neighbor 203.0.1.1 Flow Label Transmit: No, Flow Label Receive: No
LDP-VPLS State Mesh-group connections: MG1 Neighbor Type St Time last up # Up trans 203.0.6.6(vpls-id 1) rmt Up Sep 17 19:17:11 2017 1 Remote PE: 203.0.6.6, Negotiated control-word: No Incoming label: 262423, Outgoing label: 262145 Negotiated PW status TLV: No Local interface: lsi.1049859, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls bgp-vpls neighbor 203.0.6.6 vpls-id 1 Flow Label Transmit: No, Flow Label Receive: No 203.0.7.7(vpls-id 1) rmt Up Sep 17 19:17:04 2017 1 Remote PE: 203.0.7.7, Negotiated control-word: No Incoming label: 262424, Outgoing label: 262145 Negotiated PW status TLV: No Local interface: lsi.1049857, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls bgp-vpls neighbor 203.0.7.7 vpls-id 1 Flow Label Transmit: No, Flow Label Receive: No Mesh-group connections: MG2 Neighbor Type St Time last up # Up trans 203.0.5.5(vpls-id 1) rmt Up Sep 17 19:17:00 2017 1 Remote PE: 203.0.5.5, Negotiated control-word: No Incoming label: 262425, Outgoing label: 299872 Negotiated PW status TLV: No
Copyright © 2018, Juniper Networks, Inc.718
Broadband Subscriber ManagementWholesale Feature Guide
Local interface: lsi.1049856, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls bgp-vpls neighbor 203.0.5.5 vpls-id 1 Flow Label Transmit: No, Flow Label Receive: No
show vpls connections (withmultiple pseudowires)
user@host> show vpls connectionsLayer-2 VPN connections:
Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLSEM -- encapsulation mismatch WE -- interface and instance encaps not sameVC-Dn -- Virtual circuit down NP -- interface hardware not present CM -- control-word mismatch -> -- only outbound connection is upCN -- circuit not provisioned <- -- only inbound connection is upOR -- out of range Up -- operationalOL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure RD -- remote site signaled down SC -- local and remote site ID collisionLN -- local site not designated LM -- local site ID not minimum designatedRN -- remote site not designated RM -- remote site ID not minimum designatedXX -- unknown connection status IL -- no incoming labelMM -- MTU mismatch MI -- Mesh-Group ID not availableBK -- Backup connection ST -- Standby connectionPF -- Profile parse failure PB -- Profile busyRS -- remote site standby SN -- Static NeighborLB -- Local site not best-site RB -- Remote site not best-siteVM -- VLAN ID mismatch
Legend for interface status Up -- operational Dn -- down
Instance: vpls VPLS-id: 100 Mesh-group connections: __ves__ Neighbor Type St Time last up # Up trans 10.255.114.3 (vpls-id 100) rmt Up Apr 11 23:38:38 2013 1 Remote PE: 10.255.114.3, Negotiated control-word: No Incoming label: 262145, Outgoing label: 262145 Negotiated PW status TLV: No Local interface: lsi.1049090, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls h-vpls neighbor 10.255.114.3 vpls-id 100
Mesh-group connections: spokes Neighbor Type St Time last up # Up trans 10.255.114.4 (vpls-id 200) rmt Up Apr 11 23:39:25 2013 1 Remote PE: 10.255.114.4, Negotiated control-word: No Incoming label: 262148, Outgoing label: 304224 Negotiated PW status TLV: Yes local PW status code: 0x00000000, Neighbor PW status code: 0x00000000 Local interface: lsi.1049091, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls h-vpls neighbor 10.255.114.4 vpls-id 200 10.255.114.4 (vpls-id 201) rmt Up Apr 11 23:39:25 2013 1 Remote PE: 10.255.114.4, Negotiated control-word: No Incoming label: 262149, Outgoing label: 304225 Negotiated PW status TLV: Yes local PW status code: 0x00000000, Neighbor PW status code: 0x00000000 Local interface: lsi.1049096, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls h-vpls neighbor 10.255.114.4 vpls-id 201
719Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show vpls connections extensive (Static VPLS Neighbors)
user@host> show vpls connections extensive instance redLayer-2 VPN connections:
Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLSEM -- encapsulation mismatch WE -- interface and instance encaps not sameVC-Dn -- Virtual circuit down NP -- interface hardware not present CM -- control-word mismatch -> -- only outbound connection is upCN -- circuit not provisioned <- -- only inbound connection is upOR -- out of range Up -- operationalOL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure RD -- remote site signaled down SC -- local and remote site ID collisionLN -- local site not designated LM -- local site ID not minimum designatedRN -- remote site not designated RM -- remote site ID not minimum designatedXX -- unn connection status IL -- no incoming labelMM -- MTU mismatch MI -- Mesh-Group ID not availableBK -- Backup connection ST -- Standby connectionPF -- Profile parse failure PB -- Profile busyRS -- remote site standby SN -- Static Neighbor
Legend for interface status Up -- operational Dn -- down
Instance: static VPLS-id: 1 Number of local interfaces: 1 Number of local interfaces up: 1 ge-0/0/5.0 lsi.1049344 Intf - vpls static neighbor 10.255.114.3 vpls-id 1 Neighbor Type St Time last up # Up trans 10.255.114.3(vpls-id 1)(SN) rmt Up Mar 4 08:48:41 2010 1 Remote PE: 10.255.114.3, Negotiated control-word: No Incoming label: 29696, Outgoing label: 29697 Negotiated PW status TLV: No Local interface: lsi.1049344, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls static neighbor 10.255.114.3 vpls-id 1 Connection History: Mar 4 08:48:41 2010 status update timer Mar 4 08:48:41 2010 PE route changed Mar 4 08:48:41 2010 Out lbl Update 29697 Mar 4 08:48:41 2010 In lbl Update 29696 Mar 4 08:48:41 2010 loc intf up lsi.1049344
user@PE1> show vpls connections extensive (Multihoming with FEC 129)Layer-2 VPN connections:
Legend for connection status (St) EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLSEM -- encapsulation mismatch WE -- interface and instance encaps not sameVC-Dn -- Virtual circuit down NP -- interface hardware not present CM -- control-word mismatch -> -- only outbound connection is upCN -- circuit not provisioned <- -- only inbound connection is upOR -- out of range Up -- operationalOL -- no outgoing label Dn -- down LD -- local site signaled down CF -- call admission control failure
Copyright © 2018, Juniper Networks, Inc.720
Broadband Subscriber ManagementWholesale Feature Guide
RD -- remote site signaled down SC -- local and remote site ID collisionLN -- local site not designated LM -- local site ID not minimum designatedRN -- remote site not designated RM -- remote site ID not minimum designatedXX -- unknown connection status IL -- no incoming labelMM -- MTU mismatch MI -- Mesh-Group ID not availableBK -- Backup connection ST -- Standby connectionPF -- Profile parse failure PB -- Profile busyRS -- remote site standby SN -- Static NeighborLB -- Local site not best-site RB -- Remote site not best-siteVM -- VLAN ID mismatch
Legend for interface status Up -- operational Dn -- down
Instance: green L2vpn-id: 100:100 Local-id: 192.0.2.2 Number of local interfaces: 2 Number of local interfaces up: 2 ge-0/3/1.0 ge-0/3/3.0 lsi.101711873 Intf - vpls green local-id 192.0.2.2 remote-id 192.0.2.4 neighbor 192.0.2.4 Remote-id Type St Time last up # Up trans 192.0.2.4 rmt Up Jan 31 13:49:52 2012 1 Remote PE: 192.0.2.4, Negotiated control-word: No Incoming label: 262146, Outgoing label: 262146 Local interface: lsi.101711873, Status: Up, Encapsulation: ETHERNET Description: Intf - vpls green local-id 192.0.2.2 remote-id 192.0.2.4 neighbor 192.0.2.4 Connection History: Jan 31 13:49:52 2012 status update timer Jan 31 13:49:52 2012 PE route changed Jan 31 13:49:52 2012 Out lbl Update 262146 Jan 31 13:49:52 2012 In lbl Update 262146 Jan 31 13:49:52 2012 loc intf up lsi.101711873 Multi-home: Local-site Id Pref State test 1 100 Up Number of interfaces: 1 Number of interfaces up: 1 ge-0/3/1.0 Received multi-homing advertisements: Remote-PE Pref flag Description 192.0.2.4 100 0x0
721Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show vpls flood event-queue
Syntax show vpls flood event-queue
Release Information Command introduced in Junos OS Release 8.0.
Description Display the pending events in the VPLS flood queue.
Options This command has no options.
Required PrivilegeLevel
view
List of Sample Output show vpls flood event-queue on page 722
Output Fields Table42onpage722 lists theoutput fields for the showvpls floodevent-queuecommand.
Output fields are listed in the approximate order in which they appear.
Table 42: show vpls flood event-queue Output Fields
Field DescriptionField Name
Provides information on the current event in the VPLS flood eventqueue.
Current Pending Event
Name of the event.Name
Name of the interface associated with the flood event.Owner Name
Pending operation for the event.Pending Op
Name of the last error encountered.Last Error
Number of attempts made to update the event queue.Number of Retries
List of the events awaiting processing.Pending Event List
Name of the event.Event Name
Pending operation for the event.Pending Op
Name of the interface associated with the flood event.Event Identifier
Sample Output
show vpls flood event-queue
user@host> show vpls flood event-queue
Copyright © 2018, Juniper Networks, Inc.722
Broadband Subscriber ManagementWholesale Feature Guide
Current Pending Event Name: Flood Nexthop Owner Name:ge-4/3/0.0 Pending Op: ADD Last Error:ENOMEM Number of Retries:3 Pending Event List: Event Name Pending Op Event Identifier Flood Nexthop ADD ge-4/3/0.0 Flood Route ADD ge-4/3/0.0
723Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show vpls flood instance
Syntax show vpls flood instance<brief | detail | extensive><instance-name><logical-system logical-system-name>
Release Information Command introduced in Junos OS Release 8.0.
Description Display VPLS information related to the flood process.
Options none—Display VPLS information related to the flood process for all routing instances.
brief | detail | extensive—(Optional) Display the specified level of output.
instance-name—(Optional) Display VPLS information related to the flood process forthe specified routing instance.
logical-system logical-system-name—(Optional) Display VPLS information related tothe flood process for the specified logical system.
Required PrivilegeLevel
view
List of Sample Output show vpls flood instance on page 725show vpls flood instance logical-system-name on page 725show vpls flood instance detail on page 725
Output Fields Table 43 on page 724 lists the output fields for the show vpls flood instance command.
Output fields are listed in the approximate order in which they appear.
Table 43: show vpls flood instance Output Fields
Field DescriptionField Name
Name of the logical system.Logical system
Name of the VPLS routing instance.Name
Number of CE routers connected to the VPLS instance.CEs
Number of VE routers connected to the VPLS instance.VEs
List of all flood routes associated with the VPLS instance.Flood routes
Prefix for the route.Prefix
Type of route.Type
Copyright © 2018, Juniper Networks, Inc.724
Broadband Subscriber ManagementWholesale Feature Guide
Table 43: show vpls flood instance Output Fields (continued)
Field DescriptionField Name
VPLS routing instance or interface associated with the route.Owner
Next-hop type. For example, flood for a flood route.Nhtype
Next-hop index number for the route.Nhindex
Sample Output
show vpls flood instance
user@host> show vpls flood instance
Logical system: __example_ls1__Name: greenCEs: 1VEs: 1Flood Routes: Prefix Type Owner NhType NhIndex default ALL_CE_FLOOD green flood 383 0x47/16 CE_FLOOD fe-1/2/1.0 flood 388
show vpls flood instance logical-system-name
user@host:__example_ls1__> show vpls flood instance example_ls1
Logical system: __example_ls1__Name: greenCEs: 1VEs: 1Flood Routes: Prefix Type Owner NhType NhIndex default ALL_CE_FLOOD green flood 383 0x47/16 CE_FLOOD fe-1/2/1.0 flood 388
show vpls flood instance detail
user@host:__example_ls1__> show vpls flood instance detail
Logical system: __example_ls1__Name: greenCEs: 1VEs: 1Flood Routes: Prefix Type Owner NhType NhIndex default ALL_CE_FLOOD green flood 383 0x47/16 CE_FLOOD fe-1/2/1.0 flood 388
725Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show vpls flood route
Syntax show vpls flood route(all-ce-flood instance-name instance-name <logical-system-name logical-system-name>|
ce-flood interface interface-name)
Release Information Command introduced in Junos OS Release 8.0.
Description DisplayVPLS route information related to the floodprocess for either the specified routing
instance or the specified interface.
Options all-ce-flood—Display the flood next-hop route for all customer edge routers for trafficcoming from the core of the network.
ce-flood interface interface-name—Display the flood next-hop route for traffic comingfrom the specified customer edge interface.
instance-name instance-name—Display the flood routes for the specified instance.
logical-system-name logical-system-name—(Optional) Specify the logical systemwhose flood routes you want to display. You can only specify the default logical
system name for VPLS. The default logical system name is __example_ls1__\ (the
namemust be entered in the command with the underscore characters).
Required PrivilegeLevel
view
List of Sample Output show vpls flood route all-ce-flood on page 727show vpls flood route ce-flood on page 727
Output Fields Table 44 on page 726 lists the output for the show vpls flood route command. Output
fields are listed in the approximate order in which they appear.
Table 44: show vpls flood route Output Fields
Field DescriptionField Name
Prefix for the flood route.Flood route prefix
Type of flood route (either CE_FLOOD or ALL_CE_FLOOD).Flood route type
VPLS routing instance or interface associated with the flood route.Flood route owner
Next-hop type. For example, flood for a flood route.Nexthop type
Next-hop index number for the route.Nexthop index
Interfaces to which VPLS routes are being flooded.Interfaces flooding to
Copyright © 2018, Juniper Networks, Inc.726
Broadband Subscriber ManagementWholesale Feature Guide
Table 44: show vpls flood route Output Fields (continued)
Field DescriptionField Name
Name of the interface.Name
Type of VPLS router (CE or VE).Type
Next-hop type.Nh type
Index number for the flood route.Index
Sample Output
show vpls flood route all-ce-flood
user@host:__example_ls1__> show vpls flood route all-ce-flood logical-system-name__example_ls1__instance-name green
Flood route prefix: default Flood route type: ALL_CE_FLOOD Flood route owner: green Nexthop type: flood Nexthop index: 383 Interfaces Flooding to: Name Type NhType Index fe-1/2/1.0 CE
show vpls flood route ce-flood
user@host:__example_ls1__> show vpls flood route ce-flood interface fe-1/2/1.0
Flood route prefix: 0x47/16 Flood route type: CE_FLOOD Flood route owner: fe-1/2/1.0 Nexthop type: flood Nexthop index: 388 Interfaces Flooding to: Name Type NhType Index lsi.49152 VE indr 262142
727Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
show vplsmac-table
Syntax show vplsmac-table<age><brief | detail | extensive | summary><bridge-domain bridge-domain-name><instance instance-name><interface interface-name><logical-system (all | logical-system-name)><mac-address><vlan-id vlan-id-number>
Release Information Command introduced in Junos OS Release 8.5.
Command introduced in Junos OS Release 15.1.
Description Display learned virtual private LAN service (VPLS)media access control (MAC) address
information.
Options none—Display all learned VPLSMAC address information.
age— (Optional) Display age of a single mac-address.
brief | detail | extensive | summary—(Optional) Display the specified level of output.
bridge-domainbridge-domain-name—(Optional)Display learnedVPLSMACaddressesfor the specified bridge domain.
instance instance-name—(Optional) Display learned VPLSMAC addresses for thespecified instance.
interface interface-name—(Optional) Display learned VPLSMAC addresses for thespecified instance.
logical-system (all | logical-system-name)—(Optional) Display learned VPLSMACaddresses for all logical systems or for the specified logical system.
mac-address—(Optional)Display the specified learnedVPLSMACaddress information..
vlan-idvlan-id-number—(Optional)Display learnedVPLSMACaddresses for thespecifiedVLAN.
Required PrivilegeLevel
view
List of Sample Output show vplsmac-table on page 730show vplsmac-table (with Layer 2 Services over GRE Interfaces) on page 730show vplsmac-table (with VXLAN enabled) on page 730show vplsmac-table age (for GE interface) on page 731show vplsmac-table age (for AE interface) on page 731show vplsmac-table count on page 731
Copyright © 2018, Juniper Networks, Inc.728
Broadband Subscriber ManagementWholesale Feature Guide
show vplsmac-table detail on page 732show vplsmac-table extensive on page 732
Output Fields Table 45 on page 729 describes the output fields for the showvplsmac-table command.
Output fields are listed in the approximate order in which they appear.
Table 45: show vplsmac-table Output fields
Field DescriptionField Name
Age of a single mac-address.Age
Name of the routing instance.Routing instance
Name of the bridging domain.Bridging domain
MAC address or addresses learned on a logical interface.MAC address
Status of MAC address learning properties for each interface:
• S—Static MAC address configured.
• D—Dynamic MAC address learned.
• SE—MAC accounting is enabled.
• NM—Nonconfigured MAC.
MAC flags
Name of the logical interface.Logical interface
Number of MAC addresses learned on a specific routing instance or interface.MAC count
Logical interface or logical Label Switched Interface (LSI) the address is learned on.Learning interface
Base learning interface of the MAC address. This field is introduced in Junos OS Release 14.2.Base learning interface
VLAN ID of the routing instance or bridge domain in which the MAC address was learned.Learn VLAN ID/VLAN
VXLAN Network Identifier (VNI)VXLAN ID/VXLAN
Debugging flags signifying that the MAC address is present in various lists.Layer 2 flags
Spanning Tree Protocol epoch number identifying when the MAC address was learned. Used fordebugging.
Epoch
Sequence number assigned to this MAC address. Used for debugging.Sequence number
Mask of Packet Forwarding Engines where this MAC address was learned. Used for debugging.Learning mask
Creation time of the logical interface when this MAC address was learned. Used for debugging.IPC generation
729Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Sample Output
show vplsmac-table
user@host> show vplsmac-tableMAC flags (S -static MAC, D -dynamic MAC, SE -Statistics enabled, NM -Non configured MAC)
Routing instance : vpls_ldp1VLAN : 223 MAC MAC Logical address flags interface 00:00:5e:00:53:5d D ge-0/2/5.400
MAC flags (S -static MAC, D -dynamic MAC, SE -Statistics enabled, NM -Non configured MAC)
Routing instance : vpls_redVLAN : 401 MAC MAC Logical address flags interface 00:00:5e:00:53:12 D lsi.1051138 00:00:5e:00:53:f0 D lsi.1051138
show vplsmac-table (with Layer 2 Services over GRE Interfaces)
user@host> show vplsmac-tableMAC flags (S -static MAC, D -dynamic MAC, L -locally learned SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
Routing instance : vpls_4site:1000 Bridging domain : __vpls_4site:1000__, MAC MAC Logical address flags interface 00:00:5e:00:53:f4 D,SE ge-4/2/0.1000 00:00:5e:00:53:33 D,SE lsi.1052004 00:00:5e:00:53:32 D,SE lsi.1048840 00:00:5e:00:53:14 D,SE lsi.1052005 00:00:5e:00:53:f7 D,SE gr-1/2/10.10
show vplsmac-table (with VXLAN enabled)
user@host> show vplsmac-tableMAC flags (S -static MAC, D -dynamic MAC, L -locally learned SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
Routing instance : vpls_4site:1000 Bridging domain : __vpls_4site:1000__, VLAN : 4094,4093 VXLAN: Id : 300, Multicast group: 233.252.0.1 MAC MAC Logical address flags interface 00:00:5e:00:53:f4 D,SE ge-4/2/0.1000 00:00:5e:00:53:33 D,SE lsi.1052004 00:00:5e:00:53:32 D,SE lsi.1048840 00:00:5e:00:53:14 D,SE lsi.1052005 00:00:5e:00:53:f7 D,SE vtep.1052010 00:00:5e:00:53:3f D,SE vtep.1052011
Copyright © 2018, Juniper Networks, Inc.730
Broadband Subscriber ManagementWholesale Feature Guide
show vplsmac-table age (for GE interface)
user@host> show vplsmac-table age 00:00:5e:00:53:1a instance vpls_instance_1MAC Entry Age informationCurrent Age: 4 seconds
show vplsmac-table age (for AE interface)
user@host> show vplsmac-table age 000:00:5e:00:53:1a instance vpls_instance_1MAC Entry Age informationCurrent Age on FPC1: 102 secondsCurrent Age on FPC2: 94 seconds
show vplsmac-table count
user@host> show vplsmac-table count0 MAC address learned in routing instance __example_private1__
MAC address count per interface within routing instance: Logical interface MAC count lc-0/0/0.32769 0 lc-0/1/0.32769 0 lc-0/2/0.32769 0 lc-2/0/0.32769 0 lc-0/3/0.32769 0 lc-2/1/0.32769 0 lc-9/0/0.32769 0 lc-11/0/0.32769 0 lc-2/2/0.32769 0 lc-9/1/0.32769 0 lc-11/1/0.32769 0 lc-2/3/0.32769 0 lc-9/2/0.32769 0 lc-11/2/0.32769 0 lc-11/3/0.32769 0 lc-9/3/0.32769 0
MAC address count per learn VLAN within routing instance: Learn VLAN ID MAC count 0 0
1 MAC address learned in routing instance vpls_ldp1
MAC address count per interface within routing instance: Logical interface MAC count lsi.1051137 0 ge-0/2/5.400 1
MAC address count per learn VLAN within routing instance: Learn VLAN ID MAC count 0 1
1 MAC address learned in routing instance vpls_red
MAC address count per interface within routing instance: Logical interface MAC count ge-0/2/5.300 1
MAC address count per learn VLAN within routing instance:
731Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Learn VLAN ID MAC count 0 1
show vplsmac-table detail
user@host> show vplsmac-table detailMAC address: 00:00:5e:00:53:5d Routing instance: vpls_ldp1 Learning interface: ge-0/2/5.400 Layer 2 flags: in_ifd, in_ifl, in_vlan, kernel Epoch: 0 Sequence number: 1 Learning mask: 0x1 IPC generation: 0
MAC address: 00:00:5e:00:53:5d Routing instance: vpls_red Learning interface: ge-0/2/5.300 Layer 2 flags: in_ifd, in_ifl, in_vlan, kernel Epoch: 0 Sequence number: 1 Learning mask: 0x1 IPC generation: 0
show vplsmac-table extensive
user@host> show vplsmac-table extensive
MAC address: 00:00:5e:00:53::00 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001
MAC address: 00:00:5e:00:53:01 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001
MAC address: 00:00:5e:00:53:02 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001
MAC address: 00:00:5e:00:53:03 Routing instance: vpls_1 Bridging domain: __vpls_1__, VLAN : NA Learning interface: lsi.1049165 Base learning interface: lsi.1049165 Layer 2 flags: in_hash,in_ifd,in_ifl,in_vlan,in_rtt,kernel,in_ifbd Epoch: 0 Sequence number: 1 Learning mask: 0x00000001
Copyright © 2018, Juniper Networks, Inc.732
Broadband Subscriber ManagementWholesale Feature Guide
show vpls statistics
Syntax show vpls statistics<instance instance-name><logical-system (all | logical-system-name)>
Release Information Command introduced before Junos OS Release 7.4.
Description (T Series and M Series routers, except for the M160 router) Display virtual private LAN
service (VPLS) statistics.
Options none—Display VPLS statistics for all routing instances.
instance instance-name—(Optional) Display VPLS statistics for a specific VPLS routinginstance only.
logical-system (all | logical-system-name)—(Optional) Perform this operation on all
logical systems or on a particular logical system.
Required PrivilegeLevel
view
List of Sample Output show vpls statistics on page 734show vpls statistics instance on page 735
Output Fields Table 46onpage 733 lists the output fields for the showvpls statistics command.Output
fields are listed in the approximate order in which they appear.
Table 46: show vpls statistics Output Fields
Field DescriptionField Name
Name of the VPLS instance.Instance
Name of the local VPLS virtual loopback tunnel interface,vt-fpc/pic/port.nnnnn,wherennnnn is adynamicallygeneratedvirtualport used to transport and receivepackets fromotherprovider edge(PE) routers in the VPLS domain.
Local interface
Number associated with the next hop.Index
Address of the remote provider edge router.Remote provider edgerouter
Number of multicast packets received.Multicast packets
Number of multicast bytes received.Multicast bytes
Number of VPLS flood packets received.Flood packets
733Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Table 46: show vpls statistics Output Fields (continued)
Field DescriptionField Name
Number of VPLS flood bytes received.Flood bytes
Number of MAC addresses learned by the interface and theconfiguredmaximum limit on the number of MAC addresses thatcan be learned.
Current MAC count
Sample Output
show vpls statistics
user@host> show vpls statistics
VPLS statistics:
Instance: green
Local interface: fe-2/2/1.0, Index: 69 Multicast packets: 1 Multicast bytes : 60 Flooded packets : 18 Flooded bytes : 2556 Current MAC count: 1
Local interface: lt-0/3/0.2, Index: 72 Multicast packets: 3 Multicast bytes : 153 Flooded packets : 1 Flooded bytes : 51 Current MAC count: 1
Local interface: lsi.32769, Index: 75 Current MAC count: 0
Local interface: lsi.32771, Index: 77 Remote PE: 10.255.14.222 Current MAC count: 2
Instance: red
Local interface: vt-0/3/0.32768, Index: 74 Multicast packets: 0 Multicast bytes : 0 Flooded packets : 0 Flooded bytes : 0 Current MAC count: 0
Local interface: vt-0/3/0.32770, Index: 76 Multicast packets: 0 Multicast bytes : 0 Flooded packets : 0 Flooded bytes : 0 Current MAC count: 0
Copyright © 2018, Juniper Networks, Inc.734
Broadband Subscriber ManagementWholesale Feature Guide
show vpls statistics instance
user@host> show vpls statistics instance red
Layer-2 VPN Statistics: Instance: red
Local interface: vt-3/2/0.32768, Index: 73 Remote provider edge router: 10.255.17.35 Multicast packets: 0 Multicast bytes : 0 Flood packets : 0 Flood bytes : 0 Current MAC count: 1 (Limit 20)
735Copyright © 2018, Juniper Networks, Inc.
Chapter 12: Operational Commands
Copyright © 2018, Juniper Networks, Inc.736
Broadband Subscriber ManagementWholesale Feature Guide